External user interface for ActiveDirectory, LDAP, individual databases
In Weblication® CMS GRID, public users can also be used from various external user systems such as ActiveDirectory, LDAP or individual user databases. The users from the external user databases can be used in parallel with other user administrations and the internal Weblication® CMS GRID user administration. This eliminates the time-consuming, multiple maintenance of users in different systems.
Operation
Weblication® CMS GRID offers you full flexibility when connecting external user databases. The module for external user interfaces is designed in such a way that only the user data needs to be transferred to the software. Whether you want to make users from Active Directory, OpenLDAP, a mySQL database, etc. usable in the system makes no difference to Weblication® CMS GRID.
Using an AD connection as an example, we have shown you a possible connection of an external user interface. You can then use the users provided from the external user database in Weblication® CMS GRID via the PHP framework.
Example: Test script for authentication via Active Directory
Beispiel: Testskript für Authentifizierung über Active Directory
<?php
print "<h3>ADS-PHP Test</h3>";
//
// Dieses Script kann dazu genutzt werden,
// um einen Benutzer gegen ein Active Directory zu authentifizieren
// und so über die Weblication Benutzer-Schnittstelle einzuloggen.
//
// Zu prüfender Benutzer
$loginUserName = "yourUserName";
$loginUserPass = "yourPassword";
// Active Directory Verbindungsdaten (bitte an Ihr System anpassen)
$adData['adServerIp'] = "yourads.dd"; // ADS Server IP-Adresse oder Name
$adData['adServerPort'] = 389; // ADS Server Port
$adData['bindDn'] = 'CN=searchUserName,CN=Users,DC=company,DC=local'; // Search user
$adData['bindPass'] = 'searchUserPassword'; // Search user Passwort
$adData['baseDn'] = 'CN=Users,DC=company,DC=local'; // baseDn
$result = wCheckUserAd($loginUserName, $loginUserPass, $adData);
if($result){
$errStr = "Access granted for user <b>$loginUserName</b>!<br>";
print "<div style="font-family:verdana;font-size:11px;color:#FFFFFF;background-color:green;margin:2px;padding:2px">$errStr</div>";
}
else{
$errStr = "Access denied for user <b>$loginUserName</b>!<br>";
print "<div style="font-family:verdana;font-size:11px;color:#FFFFFF;background-color:#FF0000;margin:2px;padding:2px">$errStr</div>";
}
//*********************************************************************************/
/**
* @method Boolean wCheckUserAd(String userName, String userPass, Array adData)
*
* @description Prüft, ob sich ein Benutzer einloggen kann
*
* @param String userName Benutzername des zu prüfenden Benutzers
*
* @param String userPass Passwort des zu prüfenden Benutzers
*
* @param Array adData Active Directory Verbindungsdaten
*
* @return Boolean
*
*/
//*********************************************************************************/
function wCheckUserAd($userName, $userPass, $adData){
$login = false;
$ldap = @ldap_connect($adData['adServerIp'], $adData['adServerPort']);
if(!is_resource($ldap)) {
$errStr = 'AD Connection Error. Check AD-Server availability.';
return $login;
}
// je nach Umgebung ggf. erforderlich, wenn Fehler (z.B. "LDAP Operations error") auftreten
/*
ldap_set_option ($ldap, LDAP_OPT_REFERRALS, 0);
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
*/
$bind = @ldap_bind($ldap, $adData['bindDn'], $adData['bindPass']);
if(!$bind){
return $login;
}
$filter = "(&(objectClass=user)(samaccountName=$userName))";
$attributes = array('dn', 'cn');
$search = @ldap_search($ldap, $adData['baseDn'], $filter, $attributes);
$result = @ldap_get_entries($ldap, $search);
$userDn = $result[0]['dn'];
if(!$userDn){
return $login;
}
@ldap_close($ldap);
$ldap = @ldap_connect($adData['adServerIp'], $adData['adServerPort']);
if(!is_resource($ldap)) {
$errStr = 'AD Connection Error. Check AD-Server availability.';
return $login;
}
$bind = @ldap_bind($ldap, $userDn, $userPass);
if($bind){
$login = true;
}
@ldap_close($ldap);
return $login;
}
?>