Posted by andyt_2000_uk@yahoo.co.uk on 01/19/06 00:00

Hi guys,

I can currently connect, bind and authenticate a user against
ActiveDirectory using OpenLdap and apache. I have apache compiled with
SSL as well. I force PHP to use https:// and i get the browser ask if i
want to accept the certificate etc. I'm also connecting to Ldap on port
686.

Now it all works fine apart, although then i started up ethereal to
check on the packets and it appears the username and password are being
sent in plain text. I cant work out why.

Any help greatly appreciated.

Heres the code.
==========================================
var $_domain_controllers = array ("hole.chase.local, 686");

//other variables
var $_user_dn;
var $_user_pass;
var $_conn;
var $_bind;

// default constructor
function adLDAP(){
//connect to the LDAP server as the username/password
$this->_conn = ldap_connect($this->random_controller());
ldap_set_option($this->_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($this->_conn, LDAP_OPT_REFERRALS, 0); //disable plain
text passwords
return true;
}

// default destructor
function __destruct(){ ldap_close ($this->_conn); }

function random_controller(){
//select a random domain controller
mt_srand(doubleval(microtime()) * 100000000);
return
($this->_domain_controllers[array_rand($this->_domain_controllers)]);
}

// authenticate($username,$password)
// Authenticate to the directory with a specific username and password
// Extremely useful for validating login credentials
function authenticate($username,$password){
//validate a users login credentials
$returnval=false;

if ($username!=NULL && $password!=NULL){ //prevent null bind
$this->_user_dn=$username.$this->_account_suffix;
$this->_user_pass=$password;

$this->_bind =
@ldap_bind($this->_conn,$this->_user_dn,$this->_user_pass);
if ($this->_bind){ $returnval=true; }
}
return ($returnval);
}

[Back to original message]