. // LDAP authentication. // returns (user, error_msg) where user is an object with // $user->name // $user->email_addr // // your project.inc must define LDAP_HOST and LDAP_BASE_DN // function ldap_auth($uid, $passwd) { $ad = @ldap_connect(LDAP_HOST); if (!$ad) { return array(null, "Can't connect to LDAP server"); } ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($ad, LDAP_OPT_REFERRALS, 0); $rn = "uid=$uid,".LDAP_BASE_DN; $r = @ldap_bind($ad, $rn, $passwd); if (!$r) { return array(null, "Invalid credentials"); } $x = ldap_search($ad, $rn, "(objectclass=*)"); $x = ldap_get_entries($ad, $x); $user = new StdClass; $x = $x[0]; $name = $x["cn"]; $user->name = $name[0]; $email = $x["mail"]; $user->email_addr = $email[0]; return array($user, null); } // for LDAP-authenticated users, we store LDAP:uid in user.email_addr // function ldap_email_string($uid) { return "LDAP:$uid"; } function is_ldap_email($x) { return (substr($x, 0, 5) == "LDAP:"); } function ldap_email_to_uid($x) { return substr($x, 5); } function example_usage() { list($user, $error_msg) = ldap_auth("davea", "xxx"); if ($error_msg) { echo "error: $error_msg\n"; } else { echo "name: $user->name; email: $user->email_addr\n"; } } ?>