
ADLDAP Portal Authentication


#1

I am working on getting the ADLDAP portal authentication set up. I have set up LiveLookup and the Blackbox authentication for the admin page without any issues. I found that pretty easy. I am now working on getting the Blackbox set up to verify my users when they check the status on their ticket. The issue that I am having is I don't really understand how to integrate the authentication function and the query for a user's information. I am not a programmer by trade but I have written lots of things in PHP before. Here is what I have so far and I was hoping that someone could point out how this should be formatted.

I assume that the function below is what is needed to get the user's email, pending a little tweaking. This one has been modified a bit (I pulled this from my adLDAP.php file).

// Returns an array of information for a specific user
function user_info($username,$fields=NULL){
	if ($username==NULL){ return (false); }
	if (!$this->_bind){ return (false); }

	// Escape the username so filter metacharacters in it cannot change the query (ldap_escape needs PHP 5.6+)
	$filter="samaccountname=".ldap_escape($username, "", LDAP_ESCAPE_FILTER);
	if ($fields==NULL){ $fields=array("mail"); }
	$sr=ldap_search($this->_conn,$this->_base_dn,$filter,$fields);
	$entries = ldap_get_entries($this->_conn, $sr);
	
	// AD does not return the primary group in the ldap query, we may need to fudge it
	if ($this->_real_primarygroup){
		$entries[0]["memberof"][]=$this->group_cn($entries[0]["primarygroupid"][0]);
	} else {
		$entries[0]["memberof"][]="CN=Domain Users,CN=Users,".$this->_base_dn;
	}
	
	// One entry was appended to memberof above, so its count is the one to increment
	$entries[0]["memberof"]["count"]++;
	return ($entries);
}

Here is my black box authentication setup that works:


//include the class
require_once("adLDAP.php");

function BlackBox($username, $password){

	//create the AD LDAP connection
	$adldap = new adLDAP();

	//authenticate a user
	if ($adldap->authenticate($username,$password)){
		return true;
	}else{
		return false;
	}
}


What I need to know is how do I authenticate and get the email address pulled in the same script to work on the BlackBoxPortal.php. I have made an attempt but it’s not working. Any help would be appreciated.

My attempt (not working):


require_once("adLDAP.php");

function BlackBox($username, $password){

//create the AD LDAP connection
$adldap = new adLDAP();

//authenticate a user
if ($adldap->authenticate($username,$password)){
function user_info($username,$fields=NULL){
return ($entries);
}else{
return false;
}



#2

Hi Andrew,

You have some errors in your file. There’s a page here that describes how to do this:
http://www.userscape.com/helpdesk/index.php?pg=kb.page&id=186

You can use something very similar to the admin page but the function name needs to be BlackBoxPortal and rather than returning true it needs to return the user's email address, which you'll need to get from AD.


#3

We are in the same boat as Andrew. The example you gave us is with MySQL but in an attempt to get an LDAP query to behave the same way I came up with the script below. I edited the sensitive information out from the first four variables for obvious reasons; the information works just fine on live lookup and admin AD authentication. I, like Andrew, am not a programmer by trade so there simply may be a glaring error. Any assistance that can be offered would be great.

function BlackBoxPortal($username, $password){
$host = "host";
$user = "user";
$pswd = "password";
$dn = "base";

// Specify only those parameters we're interested in displaying
// These are the fields you will use below to create the Live Lookup XML
$attrs = array('mail','samaccountname');
$ad = ldap_connect($host)
or die( "Could not connect!" );
$filter = 'samaccountname=$username';
// Version number
ldap_set_option($ad, LDAP_OPT_REFERRALS, 0)
or die ("Could not set ldap protocol");
ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3)
or die ("Could not set ldap protocol");
// Binding to ad/ldap server
$bd = ldap_bind($ad, $user, $pswd)
or die ("Could not bind: ".ldap_error($ad));

$search = ldap_search($ad, $dn, $filter, $attrs)
or die ("ldap search failed: ".ldap_error($ad));

$entries = ldap_get_entries($ad, $search);

return $entries['mail'];
}


#4

We followed the help on http://www.helpspot.com/helpdesk/index.php?pg=kb.page&id=186

The only thing we took from the page is the fact we need to return email and not true.
Other than this, the page was useless for non developers.

Finally we got it working!!!

So this was our Blackbox.php script, which is working:

//authenticate a user
if ($adldap->authenticate($username,$password)){
return true;

}else{

	return false;

}

Our working BlackboxPortal.php script.
Edit the above code to this:

//authenticate a user
if ($adldap->authenticate($username,$password)){
	$userinfo = $adldap->user_info($username, array("mail"));
	return $userinfo[0]["mail"][0];

}else{

	return false;

}

Just don't want anyone else going through the pain we did.
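
For readers who want the same result without the adLDAP class, here is an added example (not from any post in this thread, and not HelpSpot's or adLDAP's code) of a BlackBoxPortal built on PHP's native ldap_* functions, the approach taken in post #3. It verifies the password by binding as the user, escapes the username in the search filter, and returns the mail attribute or false. The constants AD_HOST, AD_BASE_DN and AD_UPN_SUFFIX and the helpers portal_filter and first_mail are assumptions, as is the premise that each user's UPN prefix equals their sAMAccountName.

```php
<?php
// Added example; the three constants are placeholder assumptions for your directory.
const AD_HOST       = 'ldaps://dc.example.com';
const AD_BASE_DN    = 'DC=example,DC=com';
const AD_UPN_SUFFIX = '@example.com';   // assumes UPN prefix == sAMAccountName

// Hypothetical helper: search filter with the username escaped for filter context,
// so input such as "jdoe)(mail=*" is matched literally instead of altering the query.
function portal_filter($username) {
    return '(sAMAccountName=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';
}

// Hypothetical helper: first mail value from an ldap_get_entries() result.
// Returns false unless exactly one account matched and it has a mail attribute.
function first_mail($entries) {
    if (!is_array($entries) || !isset($entries['count']) || $entries['count'] !== 1) {
        return false;
    }
    return isset($entries[0]['mail'][0]) ? $entries[0]['mail'][0] : false;
}

// Portal hook as described in the thread: email address on success, false otherwise.
function BlackBoxPortal($username, $password) {
    // An empty password turns a simple bind into an unauthenticated bind, which many
    // directory servers (AD by default) accept, so ldap_bind() would return true
    // without checking any credential.
    if (!is_string($username) || !is_string($password) || $username === '' || $password === '') {
        return false;
    }
    $ad = ldap_connect(AD_HOST);
    if (!$ad) {
        return false;
    }
    ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ad, LDAP_OPT_REFERRALS, 0);

    // Binding as the user is the password check; no service account is involved.
    if (!@ldap_bind($ad, $username . AD_UPN_SUFFIX, $password)) {
        return false;
    }
    // The authenticated user looks up their own entry and reads only "mail".
    $sr   = @ldap_search($ad, AD_BASE_DN, portal_filter($username), array('mail'));
    $mail = $sr ? first_mail(ldap_get_entries($ad, $sr)) : false;
    ldap_unbind($ad);
    return $mail;
}
```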