Web Conference 2005 - Writing PHP for ITS/ASET Web services - WebAccess and LDAP
Here is an example of a main menu for an application that uses both WebAccess and Directory information.
WebAccess provides the authentication. The page double-checks that authentication actually occurred (the server must have set both REMOTE_USER and REMOTE_REALM) and then obtains information about the account.
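A static list (the $managers array) will
be checked to determine if the user has management privileges. This check only decides which menu is displayed; the pages the menu links to are not shown here and must perform the same check themselves.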
The directory will be consulted to see if the user is
primarily staff. The edupersonprimaryaffiliation attribute will be used
for this.
Finally, the user will be greeted by the name found in cn, the common name.
<?php
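// Main menu for an application protected by WebAccess.
//
// Flow: (1) confirm the web server reports an authenticated user in the
// expected realm, (2) look the user up in the directory to learn the primary
// affiliation and common name, (3) print the manager menu or the normal menu.
// Every print_*() helper ends the request with exit(0).

$staff = 0;
global $welcome_by_name;
$welcome_by_name = "";

// Static allow-list of user ids that are shown the manager menu.
$managers = array(
    'jcd' => 1,
);

if (!isset($_SERVER['REMOTE_REALM']) or !isset($_SERVER['REMOTE_USER'])) {
    // SCRIPT_URI may be absent depending on server configuration; treat a
    // missing value like "not on the protected URL".
    $script_uri = isset($_SERVER['SCRIPT_URI']) ? $_SERVER['SCRIPT_URI'] : '';
    if (strpos($script_uri, "https://php.scripts.psu.edu/webaccess") === false) {
        // It looks like we did not go to the WebAccess protected
        // URL on php.scripts.psu.edu - let's redirect the user there.
        // PHP_SELF can carry request-supplied path info, but it is appended
        // after a fixed scheme and host, so the redirect stays on this server.
        header("Location: https://php.scripts.psu.edu/webaccess" . $_SERVER['PHP_SELF']);
        // Stop here. header() only queues the redirect; without this exit the
        // rest of the script would still run and send a menu to a visitor who
        // has not authenticated.
        exit(0);
    } else {
        // It looks like WebAccess is not working for some reason.
        // Exit with an error.
        print_not_logged_in();
    }
} elseif ($_SERVER['REMOTE_REALM'] !== "dce.psu.edu") {
    print_not_access_account();
}

// REMOTE_USER is set by the server's authentication layer, but it is still
// escaped before being placed in the search filter so that filter
// metacharacters can never change the meaning of the query.
$query = "uid=" . ldap_escape($_SERVER['REMOTE_USER'], '', LDAP_ESCAPE_FILTER);

// To verify ldap.psu.edu is the correct server to use, visit:
// http://aset.its.psu.edu/ldap/
// NOTE(review): no ldaps:// scheme or ldap_start_tls() call is visible, so the
// lookup appears to travel unencrypted. The returned affiliation decides
// whether the Staff Menu is shown - confirm whether the server offers TLS.
$directory_connection = ldap_connect("ldap.psu.edu");
if ($directory_connection) {
    // an anonymous bind for read-only access
    $binding = ldap_bind($directory_connection);
    if (!$binding) {
        // ldap_connect() only prepares the handle; an unreachable server
        // surfaces here, so a failed bind is reported as a connection error.
        print_bad_directory_connection();
    }

    // Base Distinguished Name (DN) for Penn State
    $base_dn = "dc=psu,dc=edu";

    // Request only the two attributes this page reads.
    $search_results = ldap_search(
        $directory_connection,
        $base_dn,
        $query,
        array("cn", "edupersonprimaryaffiliation")
    );
    if (!$search_results) {
        print_bad_directory_connection();
    }

    // Exactly one entry must match the authenticated user id.
    if (1 !== ldap_count_entries($directory_connection, $search_results)) {
        print_invalid_directory_entry();
    }
    $results = ldap_get_entries($directory_connection, $search_results);
    if (1 !== $results['count']) {
        print_invalid_directory_entry();
    }

    if (isset($results[0]["edupersonprimaryaffiliation"][0]) and
        $results[0]["edupersonprimaryaffiliation"][0] === "STAFF") {
        $staff = 1;
    }

    if (isset($results[0]["cn"][0])) {
        // Reduce the common name to a single word for the greeting. If the
        // pattern does not match, the value passes through unchanged, so it
        // must still be HTML-escaped wherever it is printed.
        $welcome_by_name = $results[0]["cn"][0];
        $welcome_by_name = preg_replace("/(.*, )?(\w+) .*/", "$2", $welcome_by_name);
        $welcome_by_name = ucfirst(strtolower($welcome_by_name));
        $welcome_by_name = ", $welcome_by_name";
    }

    ldap_close($directory_connection);
} else {
    print_bad_directory_connection();
}

// This only selects which menu is displayed. The linked pages are not part of
// this file and have to enforce the same check on their own.
if (isset($managers[$_SERVER['REMOTE_USER']])) {
    print_manager_menu();
} else {
    print_welcome();
}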
/**
 * Send the "cannot reach the directory server" error page, then end the
 * request with exit(0). Never returns to the caller.
 */
function print_bad_directory_connection()
{
    // Static markup only; a nowdoc keeps it free of interpolation.
    echo <<<'HTML'
<html>
<body>
<p>Error: Unable to connect to Penn State Directory server</p>
<li><a href="/cgi-bin/logout.pl?http://php.scripts.psu.edu/staff/j/c/jcd/phpclass/">Logout</a>
</body>
</html>

HTML;
    exit(0);
}
/**
 * Send the "invalid directory entry" error page, then end the request with
 * exit(0). Never returns to the caller.
 */
function print_invalid_directory_entry()
{
    // Static markup only; a nowdoc keeps it free of interpolation.
    echo <<<'HTML'
<html>
<body>
<p>Error: Invalid directory entry.</p>
<li><a href="/cgi-bin/logout.pl?http://php.scripts.psu.edu/staff/j/c/jcd/phpclass/">Logout</a>
</body>
</html>

HTML;
    exit(0);
}
/**
 * Send the "system did not log you in" error page, then end the request with
 * exit(0). Never returns to the caller.
 */
function print_not_logged_in()
{
    // Static markup only; a nowdoc keeps it free of interpolation.
    echo <<<'HTML'
<html>
<body>
<p>Error: System did not log you in.</p>
</body>
</html>

HTML;
    exit(0);
}
/**
 * Send the page shown when the account's realm is not accepted, then end the
 * request with exit(0). Never returns to the caller.
 */
function print_not_access_account()
{
    // Static markup only; a nowdoc keeps it free of interpolation.
    echo <<<'HTML'
<html>
<body>
<p>FPS Accounts not permitted.</p>
<li><a href="/cgi-bin/logout.pl?http://php.scripts.psu.edu/staff/j/c/jcd/phpclass/">Logout</a>
</body>
</html>

HTML;
    exit(0);
}
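/**
 * Print the manager menu, greeting the user by the name stored in the global
 * $welcome_by_name, then end the request with exit(0). Never returns.
 *
 * The greeting comes from the directory's cn attribute, so it is HTML-escaped
 * at the point of output instead of being trusted as markup.
 */
function print_manager_menu()
{
global $welcome_by_name;
?>
<html>
<body>
<p>Welcome<?=htmlspecialchars($welcome_by_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')?>. Manager Menu</p>
<ul>
<li><a href="notes.php">Notes</a>
<li><a href="agenda.php">Agenda</a>
<li><a href="calendar.php">Calendar</a>
<li><a href="staffmenu.php">Staff Menu</a>
<li><a href="accounts.php">Account Management</a>
<li><a href="logs.php">Logs</a>
<li><a href="/cgi-bin/logout.pl?http://php.scripts.psu.edu/staff/j/c/jcd/phpclass/">Logout</a>
</ul>
</body>
</html>
<?php
exit(0);
}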
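/**
 * Print the main menu, greeting the user by the name stored in the global
 * $welcome_by_name, then end the request with exit(0). Never returns.
 *
 * The Staff Menu link is included only when the global $staff flag is 1.
 * The greeting comes from the directory's cn attribute, so it is HTML-escaped
 * at the point of output instead of being trusted as markup.
 */
function print_welcome()
{
// $staff has to be imported as well: without it the variable is undefined
// inside the function and the Staff Menu link can never be shown.
global $welcome_by_name, $staff;
?>
<html>
<body>
<p>Welcome<?=htmlspecialchars($welcome_by_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')?>. Main Menu</p>
<ul>
<li><a href="notes.php">Notes</a>
<li><a href="agenda.php">Agenda</a>
<li><a href="calendar.php">Calendar</a>
<?php if($staff === 1){ ?>
<li><a href="staffmenu.php">Staff Menu</a>
<?php } ?>
<li><a href="/cgi-bin/logout.pl?http://php.scripts.psu.edu/staff/j/c/jcd/phpclass/">Logout</a>
</ul>
</body>
</html>
<?php
exit(0);
}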
?>
If you have any questions, feel free to ask me. Content by: Jeff D'Angelo <jcd@psu.edu> © 2005 Last update on: Wed Jun 15, 2005, 11:47:20 PM |
|