Monday, December 21, 2009

Using PHP to edit LDAP

Using the PHP LDAP calls

Before you can use the LDAP calls you will need to know:
- The name or address of the directory server you will use
- The "base dn" of the server (the part of the world directory that is held on this server, which could be "o=My Company, c=US")
- Whether you need a password to access the server (many servers provide read access for an "anonymous bind" but require a password for anything else)
-----

The typical sequence of LDAP calls you will make in an application will follow this pattern:
---
ldap_connect() // establish connection to server
|
ldap_bind() // anonymous or authenticated "login"
|
do something like search or update the directory and display the results
|
ldap_unbind() // "logout" (ldap_close() is an alias of ldap_unbind())
---

Using the PHP LDAP ldap_connect
---
<?php
// LDAP variables
$ldaphost = "ldap.example.com"; // your LDAP server
$ldapport = 389;                // your LDAP server's port (389 = plain LDAP, 636 = LDAPS)

// Connecting to LDAP. Note: ldap_connect() only checks its arguments and
// prepares a handle; the TCP connection is opened by the first real operation
// (ldap_bind(), ldap_search(), ...), so an unreachable host is reported there,
// not here. The "or die" below therefore only catches bad arguments.
$ldapconn = ldap_connect($ldaphost, $ldapport)
    or die("Could not connect to $ldaphost");
?>
---

Using the PHP LDAP ldap_bind
---
<?php
// Using ldap_bind
$ldaprdn  = "cn=username,ou=People,dc=example,dc=com"; // bind DN (most servers need a full DN; Active Directory also accepts user@domain)
$ldappass = "password";                                // associated password

// connect to LDAP server (prepares the handle; the connection is opened by ldap_bind)
$ldapconn = ldap_connect("ldap.example.com")
    or die("Could not connect to LDAP server.");

if ($ldapconn) {
    // PHP defaults to LDAPv2, which most current servers reject with "Protocol error"
    ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);

    // Never bind with an empty password when checking a user's login: a DN with an
    // empty password is an "unauthenticated bind", which many servers accept, so the
    // bind would succeed for any DN. Also remember that on port 389 without
    // StartTLS the DN and password cross the network in clear text.
    if ($ldappass === "") {
        die("LDAP bind refused: empty password.");
    }

    // binding to LDAP server
    $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);

    // verify binding
    if ($ldapbind) {
        echo "LDAP bind successful ...";
    } else {
        echo "LDAP bind failed: " . ldap_error($ldapconn);
    }

    ldap_unbind($ldapconn); // "logout"
}
?>
---
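The connect -> bind -> search -> close sequence from the top of this post, put together as a login check. This is an added example and not code from the original post; the server URL, the base DN, the `uid` attribute and the form field names are assumptions for illustration. It adds the three checks the snippets above do not show: refusing an empty password (an unauthenticated bind succeeds on many servers), upgrading the port-389 session with StartTLS before credentials cross the wire, and escaping user input before it goes into a search filter.

```php
<?php
declare(strict_types=1);

// Added example, not code from the original post: the full connect -> bind ->
// search -> close sequence written as a login check.
// LDAP_URL, LDAP_BASE_DN and the 'uid' attribute are assumptions for illustration.

const LDAP_URL     = 'ldap://ldap.example.com';      // assumed directory server
const LDAP_BASE_DN = 'ou=People,dc=example,dc=com';  // assumed base DN

/**
 * Authenticate $username/$password against the directory.
 * Returns the user's DN on success, null on any failure.
 */
function ldap_login(string $username, string $password): ?string
{
    // 1. Refuse empty passwords before touching the server. A bind with a DN and
    //    an empty password is an "unauthenticated bind" (RFC 4513) and many servers
    //    accept it, so without this check any known username would log in.
    if ($password === '') {
        return null;
    }

    // ldap_connect() only prepares a handle; the TCP connection is opened by the
    // first real operation, so a bad host name surfaces at ldap_start_tls/ldap_bind.
    $conn = ldap_connect(LDAP_URL);
    if ($conn === false) {
        return null;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3); // most servers reject LDAPv2
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);        // do not chase referrals

    // 2. Upgrade the plaintext port-389 session before credentials cross the wire
    //    (the alternative is an ldaps:// URL on port 636).
    if (!ldap_start_tls($conn)) {
        ldap_unbind($conn);
        return null;
    }

    // Anonymous bind for the lookup (the anonymous "login" of the post).
    if (!ldap_bind($conn)) {
        ldap_unbind($conn);
        return null;
    }

    // 3. Escape the user-supplied value before placing it in the filter; an
    //    unescaped "*" or ")(uid=*" would rewrite the query (LDAP injection).
    $filter = sprintf('(&(objectClass=posixAccount)(uid=%s))',
                      ldap_escape($username, '', LDAP_ESCAPE_FILTER));
    // '1.1' asks for no attributes; ldap_get_entries() still returns each DN
    $result  = ldap_search($conn, LDAP_BASE_DN, $filter, ['1.1']);
    $entries = ($result === false) ? false : ldap_get_entries($conn, $result);
    if ($entries === false || $entries['count'] !== 1) {
        ldap_unbind($conn);          // no such user, or an ambiguous match
        return null;
    }
    $dn = $entries[0]['dn'];

    // 4. The actual password check: re-bind as the user's own DN.
    $ok = @ldap_bind($conn, $dn, $password);
    ldap_unbind($conn);              // "logout"; ldap_close() is an alias of this
    return $ok ? $dn : null;
}

// Usage from a login form (the field names are assumptions)
$dn = ldap_login($_POST['user'] ?? '', $_POST['pass'] ?? '');
echo $dn === null ? "LDAP bind failed ...\n" : "LDAP bind successful as $dn\n";
```

The lookup-then-rebind shape is what lets users log in with a short name while the directory only ever authenticates a full DN; the `@` on the second `ldap_bind()` silences the warning PHP emits for a wrong password so the caller only sees the boolean.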

Using The PHP LDAP ldap_modify
---
// ldap_modify() REPLACES the listed attributes on an existing entry:
// a string sets one value, an array sets the full list of values.
$newinfo["attributeName"] = "value";                 // single-valued attribute
$newinfo["otherAttribute"] = array("value1", "value2"); // multi-valued attribute
ldap_modify($ldapconn, "uid=username,ou=People,dc=example,dc=com", $newinfo)
    or die("Modify failed: " . ldap_error($ldapconn));
// to add or remove individual values instead, use ldap_mod_add() / ldap_mod_del()
---


Problem records
---
Q1. "Fatal error: Call to undefined function ldap_connect() ..."
A1. The LDAP extension is not loaded. Edit php.ini (on this setup C:/windows/php.ini) and remove the ";" in front of the line ";extension=php_ldap.dll" so the extension is enabled. Copy "libeay32.dll" and "ssleay32.dll" from the PHP folder to WINDOWS\SYSTEM32 (the LDAP extension is linked against them). Make sure the firewall allows the web server to reach the directory server on port 389 (or 636 for LDAPS) rather than switching the firewall off. Finally restart the Apache service.

Q2. Error Message : "Warning: ldap_mod_add() [function.ldap-mod-add]: Modify: Object class violation in C:\AppServ\www\addattribute.php on line 32"
A2. The objectClass you are adding declares some attributes as "MUST". The server checks the whole entry after the change, so the new objectClass and every one of its MUST attributes that the entry does not have yet must be sent in the same ldap_mod_add() call (for sambaSamAccount that means uid and sambaSID). Adding the objectClass on its own is what produces this error.

Q3.
A3.
---
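The ldap_mod_add() / ldap_modify() pattern that avoids the "Object class violation" in Q2, applied to the ldap_modify section above. This is an added example, not code from the original post: it turns an existing posixAccount entry into a Samba account by adding the sambaSamAccount objectClass together with its MUST attribute sambaSID, then replaces a few attributes. It assumes `$ldapconn` is a handle already bound with write rights; the DN, SID and domain name are sample values.

```php
<?php
declare(strict_types=1);

// Added example, not code from the original post: the ldap_mod_add()/ldap_modify()
// pattern that avoids the "Object class violation" from Q2. $ldapconn is assumed to
// be a handle already bound with write rights; DN, SID and domain are sample values.

/**
 * Add the sambaSamAccount objectClass to an existing entry.
 *
 * sambaSamAccount is an AUXILIARY class with MUST ( uid $ sambaSID ). The server
 * validates the entry as a whole after the operation, so the objectClass and any
 * MUST attribute the entry does not have yet must travel in the same
 * ldap_mod_add() call. Sending the objectClass on its own is exactly what
 * produces "Object class violation" (LDAP result code 65).
 */
function make_samba_account($ldapconn, string $dn, string $sambaSid, string $domain): bool
{
    $add = [
        'objectClass'     => 'sambaSamAccount',
        'sambaSID'        => $sambaSid,                     // MUST; uid already exists on a posixAccount
        'sambaDomainName' => $domain,                       // MAY, but needed for domain logons
        'sambaAcctFlags'  => '[U' . str_repeat(' ', 10) . ']', // 11 chars inside [ ]: normal user
    ];
    if (!ldap_mod_add($ldapconn, $dn, $add)) {
        fwrite(STDERR, sprintf("mod_add failed (%d): %s\n",
                               ldap_errno($ldapconn), ldap_error($ldapconn)));
        return false;
    }
    return true;
}

/**
 * Replace attribute values on an existing entry. ldap_modify() REPLACES every
 * attribute named in $changes: a string sets a single value, an array sets the
 * complete list of values. Use ldap_mod_add()/ldap_mod_del() to add or remove
 * individual values of a multi-valued attribute instead.
 */
function update_samba_attrs($ldapconn, string $dn, array $changes): bool
{
    if (!ldap_modify($ldapconn, $dn, $changes)) {
        fwrite(STDERR, sprintf("modify failed (%d): %s\n",
                               ldap_errno($ldapconn), ldap_error($ldapconn)));
        return false;
    }
    return true;
}

// Usage; $ldapconn comes from the connect/bind code earlier in this post
$dn = 'uid=becky,ou=People,dc=example,dc=com';
if (make_samba_account($ldapconn, $dn, 'S-1-5-21-111-222-333-3000', 'EXAMPLE')) {
    update_samba_attrs($ldapconn, $dn, [
        'sambaHomeDrive'  => 'H:',
        'sambaHomePath'   => '\\\\MORIA\\becky',   // the UNC path \\MORIA\becky
        'sambaPwdLastSet' => (string) time(),      // seconds since 1970, sent as a string
    ]);
}
```

Checking ldap_errno() as well as ldap_error() matters here: code 65 (object class violation) means the modification itself was malformed, while a 50 (insufficient access) means the bound DN lacks write rights, and the two need different fixes.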

Related Information
---
1. http://www.samba.org/samba/docs/man/Samba-Developers-Guide/pwencrypt.html
2. http://www.linuxtopia.org/online_books/network_administration_guides/samba_reference_guide/18_passdb_23.html
3. http://www.php.net/manual/en/function.ldap-bind.php
4. http://php.freehostingguru.com/function.php-ldap_add.php
---

Sunday, December 20, 2009

How to write C Program under Linux system

Editor : Using "vi"
Compiler : Using "gcc"

Hands-on
1. vi hello.c
2. start writing :
---------
#include <stdio.h>   /* for printf */

int main(void)
{
    printf("Hello C World !\n");
    return 0;
}
---------
3. Start compile :
---
# gcc -o hello.out hello.c
---
4. Start running :
---
# ./hello.out
---

5. Finished


C Program's IDE under linux system : RHIDE

Sunday, December 13, 2009

LDAP-Samba


Other Information
1. sambaSID = <domain SID>-<RID>, where the RID is derived from the POSIX id: user RID = uidNumber*2 + 1000 (and group RID = gidNumber*2 + 1001). This is the smbldap-tools / Samba "algorithmic rid base" convention; a domain SID of S-1-5-21-111-222-333 and uidNumber 1000 give sambaSID S-1-5-21-111-222-333-3000.


LDAP Special Attributes for sambaSamAccounts


The sambaSamAccount ObjectClass is composed of the attributes shown in the next two tables:
Part A, and
Part B.

Table 10.3. Attributes in the sambaSamAccount ObjectClass (LDAP), Part A

sambaLMPassword
The LanMan password 16-byte hash stored as a character
representation of a hexadecimal string.

sambaNTPassword
The NT password 16-byte hash stored as a character
representation of a hexadecimal string.

sambaPwdLastSet
The integer time in seconds since 1970 when the
sambaLMPassword and sambaNTPassword attributes were last set.

sambaAcctFlags
String of 11 characters surrounded by square brackets [ ]
representing account flags such as U (user), W (workstation), X (no password expiration),
I (domain trust account), H (home dir required), S (server trust account),
and D (disabled).

sambaLogonTime
Integer value currently unused.

sambaLogoffTime
Integer value currently unused.

sambaKickoffTime
Specifies the time (UNIX time format) when the user
will be locked down and cannot login any longer. If this attribute is omitted, then the account will never expire.
Using this attribute together with shadowExpire of the shadowAccount ObjectClass will enable accounts to
expire completely on an exact date.

sambaPwdCanChange
Specifies the time (UNIX time format)
after which the user is allowed to change his password. If this attribute is not set, the user will be free
to change his password whenever he wants.

sambaPwdMustChange
Specifies the time (UNIX time format) when the user is
forced to change his password. If this value is set to 0, the user will have to change his password at first login.
If this attribute is not set, then the password will never expire.


sambaHomeDrive
Specifies the drive letter to which to map the UNC path specified by sambaHomePath.
The drive letter must be specified in the form “X:” where X is the letter of the
drive to map. Refer to the “logon drive” parameter in the smb.conf(5) man page for
more information.

sambaLogonScript
Specifies the path of the user's logon script, a .CMD, .EXE, or .BAT file. The string
can be null. The path is relative to the netlogon share. Refer to the “logon script”
parameter in the smb.conf man page for more information.

sambaProfilePath
Specifies a path to the user's profile. This value can be a null string, a local
absolute path, or a UNC path. Refer to the “logon path” parameter in the smb.conf
man page for more information.

sambaHomePath
Specifies the path of the home directory for the user. The string can be null. If
sambaHomeDrive is set and specifies a drive letter, sambaHomePath must be a network
UNC path of the form \\server\share\directory. Refer to the “logon home” parameter in
the smb.conf man page for more information.

Table 10.4. Attributes in the sambaSamAccount ObjectClass (LDAP), Part B

sambaUserWorkstations
Here you can give a comma-separated list of machines
on which the user is allowed to login. You may observe problems when you try to connect to a Samba domain member.
Because domain members are not in this list, the domain controllers will reject them. Where this attribute is omitted,
the default implies no restrictions.

sambaSID
The security identifier(SID) of the user.
The Windows equivalent of UNIX UIDs.

sambaPrimaryGroupSID
The security identifier (SID) of the primary group
of the user.

sambaDomainName
Domain the user is part of.


The majority of these parameters are only used when Samba is acting as a PDC of
a domain (refer to Domain Control for details on how to configure Samba as a PDC).
The following four attributes are only stored with the sambaSamAccount entry if
the values are non-default values:

  • sambaHomePath
  • sambaLogonScript
  • sambaProfilePath
  • sambaHomeDrive

For example, assume MORIA has now been configured as a PDC and that
logon home = \\%L\%u was defined in its smb.conf file. When a user named “becky”
logs on to the domain, the logon home string is expanded to \\MORIA\becky.
If the sambaHomePath attribute (called smbHome in the old Samba 2.2 schema) exists
in the entry “uid=becky,ou=People,dc=samba,dc=org”, this value is used. However, if
this attribute does not exist, then the value of the logon home parameter is used in
its place. Samba will only write the attribute value to the directory entry if the
value is something other than the default (e.g., \\MOBY\becky).
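Computing the values that the tables above describe, as an added example that is not part of the Samba documentation quoted here: the sambaSID from the domain SID and uidNumber (the formula noted at the top of this post), the sambaNTPassword hash, and a well-formed sambaAcctFlags string, assembled into the attribute array ldap_add() would take. The domain SID, id numbers and password are constructed sample inputs, and the RID arithmetic is the smbldap-tools convention, which not every directory uses.

```php
<?php
declare(strict_types=1);

// Added example, not code from the Samba documentation quoted above: computing the
// values that go into a sambaSamAccount entry. The domain SID, id numbers and the
// password are constructed sample inputs; the RID arithmetic is the smbldap-tools
// convention noted at the top of this post, not something every directory uses.

/** sambaSID = <domain SID>-<RID>, with user RID = uidNumber*2 + 1000 */
function samba_user_sid(string $domainSid, int $uidNumber): string
{
    return $domainSid . '-' . ($uidNumber * 2 + 1000);
}

/** sambaPrimaryGroupSID in the same convention: group RID = gidNumber*2 + 1001 */
function samba_group_sid(string $domainSid, int $gidNumber): string
{
    return $domainSid . '-' . ($gidNumber * 2 + 1001);
}

/**
 * sambaNTPassword: MD4 over the UTF-16LE encoding of the password, written as 32
 * upper-case hex digits. It is unsalted and is the credential NTLM actually uses,
 * so anyone who can read this attribute can authenticate as the user (pass-the-
 * hash): restrict it with a directory ACL and never return it from a web page.
 */
function samba_nt_password(string $password): string
{
    $utf16le = iconv('UTF-8', 'UTF-16LE', $password);
    return strtoupper(hash('md4', $utf16le));
}

/**
 * sambaAcctFlags: the flag letters, space-padded to 11 characters inside square
 * brackets, e.g. "[U          ]" (user) or "[UD         ]" (disabled user).
 * Letters used by Samba: U user, W workstation trust, S server trust,
 * I interdomain trust, D disabled, H home dir required, X no expiry,
 * N no password, L auto-locked, T temp duplicate, M MNS logon.
 */
function samba_acct_flags(string $letters): string
{
    if (strlen($letters) > 11 || !preg_match('/^[UWSIDHXNLTM]*$/', $letters)) {
        throw new InvalidArgumentException("bad account flags: $letters");
    }
    return '[' . str_pad($letters, 11) . ']';
}

/** Parse a stored sambaAcctFlags value back into its letters */
function samba_parse_acct_flags(string $value): array
{
    if (!preg_match('/^\[([A-Z ]{11})\]$/', $value, $m)) {
        throw new InvalidArgumentException("malformed sambaAcctFlags: $value");
    }
    $letters = trim($m[1]);
    return $letters === '' ? [] : str_split($letters);
}

/** The attribute array ldap_add() needs for a new POSIX + Samba user */
function samba_account_entry(string $uid, int $uidNumber, int $gidNumber,
                             string $domainSid, string $domainName, string $password): array
{
    return [
        'objectClass'          => ['top', 'account', 'posixAccount', 'sambaSamAccount'],
        'uid'                  => $uid,
        'cn'                   => $uid,
        'uidNumber'            => (string) $uidNumber,     // LDAP values are strings
        'gidNumber'            => (string) $gidNumber,
        'homeDirectory'        => "/home/$uid",
        'sambaSID'             => samba_user_sid($domainSid, $uidNumber),
        'sambaPrimaryGroupSID' => samba_group_sid($domainSid, $gidNumber),
        'sambaDomainName'      => $domainName,
        'sambaNTPassword'      => samba_nt_password($password),
        'sambaPwdLastSet'      => (string) time(),
        'sambaAcctFlags'       => samba_acct_flags('U'),
        // sambaLMPassword is deliberately omitted: the LM hash is the case-folded
        // password split into 7-character DES keys and has no place on a current domain.
    ];
}

// Constructed sample run; nothing here talks to a directory.
$entry = samba_account_entry('becky', 1000, 1000, 'S-1-5-21-111-222-333', 'EXAMPLE', 'password');
print_r($entry);
print_r(samba_parse_acct_flags($entry['sambaAcctFlags']));
```

The value samba_nt_password() produces can be compared against what `pdbedit` or `smbpasswd` writes for the same password; sambaPwdLastSet is stored as a string because every LDAP attribute value is, and a Samba PDC reads it back as the integer described in Table 10.3.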

Wednesday, December 2, 2009

My Working Journal

Today I begin my working journal.
The purpose of this journal is to know clearly what to do.