Results 1 to 4 of 4

Thread: Novell, LDAP, & PHP

  1. #1

    Novell, LDAP, & PHP

    I'd like to use Novell's LDAP server to authenticate website users on an intranet. I've found that I must select the option to allow clear text passwords in order to get it to work. Problem is, I don't want to use clear text passwords (for obvious reasons). Anybody know how do this without using clear text?

    The web server is not running on the same box as the LDAP server and the site uses PHP. Using clear text username/password the code would look something like this...

    <?php

    /* code here to verify username & password entered, don't contain invalid characters, etc */


    $ldap = @ldap_connect("1.2.3.4") or die("Could not connect to LDAP server");
    if ($ldap$)
    $bind_result = @ldap_bind($ldap, "cn=" . $username . ",o=Company", $password) or die("Invalid Login Attempt");


    /* Bunch of other code here */

    ?>

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    I'm no programmer but I would think that unless you can generate a suitable hash of the password you won't be able to authenticate in anything but clear text.

    It's a long time since I played with Novell but I have to guess that the authentication works a lot like windows where the password itself doesn't get sent, a hash of it does.

    But it's possible I'm mislead..... been a long time since I looked at the details of AD authentication.....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  3. #3
    Junior Member
    Join Date
    Nov 2003
    Posts
    15
    I don't know your end goals for the project, but you may want to look at Novell's iFolder. It allows you to access and sychrnonize files from any internet connected computer and encrypts the data when it is transferred. I believe passwords are encrypted also, but am not certain. We are going to be deploying this at my place in the next few weeks and make it accessible through an ssl vpn (never enough encryption) and it looks like a winner for our project goals.
    \"Any sufficiently advanced technology is indistinguishable from magic.\" - Arthur C. Clarke

  4. #4
    I'm familiar with iFolder, but that's not what I'm looking for. I have some apps running on an internal Apache server with PHP. Users currently have to maintain a separate userID/password for this system. I want to integrate this with our Novell login using LDAP. Maybe then I'll stop hearing "You mean I have to remember *2* different passwords?" Like they don't already remember a gazillion already. Unless all their passwords are the same as their ATM PIN number... Hey! Maybe I can retire early! ;-)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •