Directory Services

PHP 5 ldap_sasl_bind Example

PHP 5 installations with functioning SASL EXTERNAL support should use ldap_sasl_bind to bind to UW directories that require client authentication. The example script below (php-ldap-sasl.php.txt) connects to the configured LDAP server, issues the StartTLS extended operation, binds with ldap_sasl_bind using the SASL EXTERNAL mechanism (the bind identity is taken from the TLS client certificate presented during the handshake, so no DN or password is sent), and runs a simple search with the configured search base and filter. The TLS settings are passed to libldap through the LDAPTLS_CACERT, LDAPTLS_CERT and LDAPTLS_KEY environment variables, which must be set before the first ldap_connect(). Server certificate verification is also libldap's job: leave TLS_REQCERT at its default of demand (do not set LDAPTLS_REQCERT to allow or never), otherwise the StartTLS session is not authenticated and the client certificate would be presented to whatever answers on port 389.
<html>
<head><title>PHP 5 ldap_sasl_bind example</title></head>
<body>
<h1>PHP 5 ldap_sasl_bind example</h1>
<?php
# UW Person Directory Service config
$host = "eds.u.washington.edu";
$base = "dc=personregistry,dc=washington,dc=edu";
$filter = "(uwnetid=donn)";
# UW Groups Directory Service config
# $host = "groups.u.washington.edu";
# $base = "dc=washington,dc=edu";
# $filter = "(cn=u:cac:teg-smw)";
# SASL EXTERNAL authentication config: the CA that issued the directory
# server's certificate, and the client certificate/key presented during the
# TLS handshake. libldap reads these LDAPTLS_* variables when it initializes,
# so they must be set before ldap_connect() is called.
$tls_cacert="/path/to/uwca.crt";
$tls_cert="/path/to/my.crt";
$tls_key="/path/to/my.key";
putenv("LDAPTLS_CACERT=$tls_cacert");
putenv("LDAPTLS_CERT=$tls_cert");
putenv("LDAPTLS_KEY=$tls_key");
# Abort with the libldap error text and a non-zero status; a silent exit(0)
# hides the cause (bad CA path, untrusted client certificate, ...) from the operator
function fail($d, $msg) {
    echo "<p>" . htmlspecialchars($msg);
    if ($d)
        echo ": " . htmlspecialchars(ldap_error($d));
    echo "</p></body></html>\n";
    exit(1);
}
# LDAPv3 is required (StartTLS and SASL binds are LDAPv3 operations)
ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, 3);
$d = ldap_connect($host);
if (!$d)
    fail(NULL, "ldap_connect failed");
# Upgrade the plaintext connection to TLS; the server certificate is checked
# against $tls_cacert and the client certificate is sent in the handshake
if (!ldap_start_tls($d))
    fail($d, "ldap_start_tls failed");
# SASL EXTERNAL: the identity comes from the TLS client certificate, so no
# DN or password is supplied
if (!ldap_sasl_bind($d, NULL, "", "EXTERNAL"))
    fail($d, "ldap_sasl_bind EXTERNAL failed");
$s = ldap_search($d, $base, $filter);
if (!$s)
    fail($d, "ldap_search failed");
echo "ldap_search: " . ldap_count_entries($d, $s) . " entries<br />\n";
# Attribute values come from the directory, not from this script; escape them
# before echoing into HTML so a crafted value cannot inject markup
for ($c = ldap_first_entry($d, $s); $c; $c = ldap_next_entry($d, $c)) {
    $e = ldap_get_attributes($d, $c);
    echo "dn: " . htmlspecialchars(ldap_get_dn($d, $c)) . "<br />\n";
    for ($j = 0; $j < $e["count"]; $j++) {
        $a = ldap_get_values($d, $c, $e[$j]);
        for ($k = 0; $k < $a["count"]; $k++)
            echo htmlspecialchars($e[$j] . ": " . $a[$k]) . "<br />\n";
    }
}
ldap_unbind($d);
?>
</body>
</html>
Note: This script has been tested with PHP 5 on a Unix platform. It has not been tested on the Windows platform.
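A SASL EXTERNAL bind can only succeed when the file named by LDAPTLS_KEY really is the private key for LDAPTLS_CERT and that certificate chains to a CA the directory trusts; libldap reports either problem only as a failed StartTLS or bind. The following shell script is an added example, not part of the UW page or its PHP script: it checks both conditions locally with openssl before the PHP script is deployed, and prints the ldapsearch command line that performs the same StartTLS plus EXTERNAL bind so the directory side can be tested outside PHP. The throwaway CA and client certificate it generates are constructed for the demonstration; in practice the arguments would be the real uwca.crt and the UW-issued client certificate and key.

```shell
#!/bin/sh
# Added example (not UW's code): pre-flight checks for the LDAPTLS_* files.

# check_client_cert CACERT CERT KEY
# Returns 0 when CERT chains to CACERT and KEY is its private key.
check_client_cert() {
    cacert="$1"; cert="$2"; key="$3"
    # 1. Does the client certificate chain to the CA we are going to trust?
    if ! openssl verify -CAfile "$cacert" "$cert" >/dev/null 2>&1; then
        echo "$cert does not chain to $cacert" >&2
        return 1
    fi
    # 2. Does the private key belong to the certificate? Compare the SPKI
    #    public key embedded in the certificate with the key's public half.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null || true)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null || true)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "$key is not the private key for $cert" >&2
        return 1
    fi
    return 0
}

# ldapsearch_cmd HOST BASE FILTER
# Prints the ldapsearch invocation equivalent to the PHP script: -ZZ makes
# StartTLS mandatory, -Y EXTERNAL selects the SASL mechanism. Export the same
# LDAPTLS_CACERT/LDAPTLS_CERT/LDAPTLS_KEY variables before running it.
ldapsearch_cmd() {
    printf 'ldapsearch -H ldap://%s -ZZ -Y EXTERNAL -b "%s" "%s"\n' "$1" "$2" "$3"
}

# make_test_pki DIR
# Constructed test material: a throwaway CA (ca.crt), a client certificate it
# issued (my.crt/my.key) and an unrelated key (other.key) for the negative case.
make_test_pki() {
    dir="$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" >/dev/null 2>&1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=example client" \
        -keyout "$dir/my.key" -out "$dir/my.csr" >/dev/null 2>&1
    openssl x509 -req -days 1 -in "$dir/my.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -out "$dir/my.crt" >/dev/null 2>&1
    openssl genrsa -out "$dir/other.key" 2048 >/dev/null 2>&1
}

# Demonstration: a matching pair passes, a foreign key is rejected.
tmp=$(mktemp -d)
make_test_pki "$tmp"
check_client_cert "$tmp/ca.crt" "$tmp/my.crt" "$tmp/my.key" && echo "my.crt + my.key: ok"
check_client_cert "$tmp/ca.crt" "$tmp/my.crt" "$tmp/other.key" || echo "my.crt + other.key: rejected"
ldapsearch_cmd eds.u.washington.edu dc=personregistry,dc=washington,dc=edu "(uwnetid=donn)"
rm -rf "$tmp"
```

The public-key comparison is the same check that a TLS library performs implicitly when it loads the certificate and key; doing it up front turns a vague handshake failure into a one-line diagnosis. The ldapsearch form is the quickest way to separate a directory-side problem (certificate not authorized for the requested entries) from a PHP build that lacks SASL support.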