May 3rd, 2004, 10:56 PM
Novell, LDAP, & PHP
I'd like to use Novell's LDAP server to authenticate website users on an intranet. I've found that I must select the option to allow clear text passwords in order to get it to work. Problem is, I don't want to use clear text passwords (for obvious reasons). Anybody know how to do this without using clear text?
The web server is not running on the same box as the LDAP server and the site uses PHP. Using clear text username/password the code would look something like this...
/* code here to verify username & password entered, don't contain invalid characters, etc */
$ldap = @ldap_connect("22.214.171.124") or die("Could not connect to LDAP server");
$bind_result = @ldap_bind($ldap, "cn=" . $username . ",o=Company", $password) or die("Invalid Login Attempt");
/* Bunch of other code here */
May 3rd, 2004, 11:05 PM
I'm no programmer but I would think that unless you can generate a suitable hash of the password you won't be able to authenticate in anything but clear text.
It's a long time since I played with Novell but I have to guess that the authentication works a lot like windows where the password itself doesn't get sent, a hash of it does.
But it's possible I'm misled..... been a long time since I looked at the details of AD authentication.....
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
May 4th, 2004, 03:51 AM
I don't know your end goals for the project, but you may want to look at Novell's iFolder. It allows you to access and synchronize files from any internet connected computer and encrypts the data when it is transferred. I believe passwords are encrypted also, but am not certain. We are going to be deploying this at my place in the next few weeks and make it accessible through an ssl vpn (never enough encryption) and it looks like a winner for our project goals.
"Any sufficiently advanced technology is indistinguishable from magic." - Arthur C. Clarke
May 4th, 2004, 05:50 AM
I'm familiar with iFolder, but that's not what I'm looking for. I have some apps running on an internal Apache server with PHP. Users currently have to maintain a separate userID/password for this system. I want to integrate this with our Novell login using LDAP. Maybe then I'll stop hearing "You mean I have to remember *2* different passwords?" Like they don't already remember a gazillion already. Unless all their passwords are the same as their ATM PIN number... Hey! Maybe I can retire early! ;-)
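What the opening question asks for, as an added example that is not part of any post in this thread: the same simple bind from the first post, sent only after the connection has been upgraded with StartTLS so the password never crosses the network in the clear. The host name, CA file path and function name are assumptions, and it assumes the directory accepts simple binds over TLS with the clear-text option turned off.

```php
<?php
// Added example, not the poster's code. Host name, CA path and function
// name are assumptions; replace them with your own values.
const LDAP_HOST = 'ldap.example.internal';           // hypothetical; must match the server certificate
const LDAP_CA   = '/etc/ssl/certs/edir-tree-ca.pem'; // hypothetical path to the exported tree CA
const BASE_DN   = 'o=Company';                       // container used in the original post

function directory_login(string $username, string $password): bool
{
    // An empty password turns a simple bind into an "unauthenticated" bind
    // (RFC 4513), which many servers report as success. Reject it up front.
    if ($username === '' || $password === '') {
        return false;
    }

    // TLS options are set globally (null handle) before connecting so that
    // the LDAP client library applies them to the new connection.
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, LDAP_CA);
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    $ldap = ldap_connect('ldap://' . LDAP_HOST . ':389');
    if ($ldap === false) {
        return false;
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); // StartTLS needs LDAPv3
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

    // Upgrade the connection before any credentials are sent. If the upgrade
    // fails, stop: never fall back to a clear-text bind.
    if (!@ldap_start_tls($ldap)) {
        error_log('LDAP StartTLS failed: ' . ldap_error($ldap));
        ldap_unbind($ldap);
        return false;
    }

    // Escape the user-supplied value for use inside a DN.
    $dn = 'cn=' . ldap_escape($username, '', LDAP_ESCAPE_DN) . ',' . BASE_DN;
    $ok = @ldap_bind($ldap, $dn, $password);
    ldap_unbind($ldap);
    return $ok;
}
```

Connecting with an `ldaps://` URI on port 636 instead of calling `ldap_start_tls()` protects the bind in the same way; in both cases the web server must trust the CA that issued the LDAP server's certificate.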