views:

71

answers:

1

I created a form that asks you to log in, then verifies the user/pass against the ldap server/active-directory, if successful, it creates a session, which will be checked on every page.

Now I want to check the session, which is the username of the person who is logged in, and do a search for them using ldap_search, so I can check what group they belong to and pass that group thru a function to verify that they can view that page.

Each page will accessible to a certain group or groups of users, which those groups are defined within Active Directory.

I am unsure on how I can do that using ldap_search, or maybe that is just one piece of the puzzle I am trying to solve.

Any help is appreciated - thank you!

In the example code below, it is seeing if the user belongs to the student active-directory group (I do not know if this code works, but it should give you an idea of what I want to accomplish).

$filter = "CN=StudentCN=Users,dc=domain,dc=control";

$result = ldap_search($ldapconn,$filter,$valid_session_username);

if($result == TRUE) {
 print $valid_session_username.' does have access to this page';
} else {
 print $valid_session_username.' does NOT have access to this page';
}
+2  A: 

Quoted from php.net ldap_search() manual

returns a search result identifier or FALSE on error.

You have to use ldap_count_entries() to check if the ldap search actually found entries :

$filter = "CN=StudentCN=Users,dc=domain,dc=control";
$result = ldap_search($ldapconn,$filter,$valid_session_username);

$found = false;
if ($result !== false) {
    $count = ldap_count_entries  ($ldapconn, $result);
    if ($count !== false && $count > 0) {
     $found = true;
    }
}

if ($found === true) {
    print $valid_session_username.' does have access to this page';
} else {
    print $valid_session_username.' does NOT have access to this page';
}
Benjamin Delichère