Creating an LDAP Server Using PHP

I am looking to create a PHP web application that receives LDAP requests and sends LDAP responses, but does not actually use an LDAP server. In particular, I would like to make the contact table in the MySQL database available to Thunderbird as an LDAP address book.

Two questions:

  • Is there an existing library for implementing an LDAP server with PHP? (The PHP_LDAP package is designed to create an LDAP client where a PHP application connects to an existing LDAP server.)

  • How does LDAP data actually get from a client into my script? Does LDAP pass through HTTP, with the request appearing in:

    $HTTP_RAW_POST_DATA 

or something similar? Can Apache process LDAP requests and pass them to my script or is it a completely different protocol that requires the use of a different listener application?

+6
3 answers

The LDAP protocol is not processed by Apache, and I have not seen any Apache modules that process this protocol. I do not believe that you can do this using PHP through Apache. Perhaps you can implement a clean PHP server (see http://php.net/manual/en/function.stream-socket-server.php ), and then implement the LDAP protocol parser in PHP as well. I do not believe that PHP has its own ASN1 parser, but you can find one in C and integrate it somehow.

+3
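What the first answer describes, as an added example (not code from the thread or from any library it mentions): LDAP arrives as BER-encoded ASN.1 on a raw TCP connection, so a listener has to decode tag-length-value elements from untrusted bytes and bounds-check every length. The function names, `MAX_LEN` and the sample bytes are constructed for illustration; only simple binds are handled.

```php
<?php
declare(strict_types=1);

const MAX_LEN = 65536; // assumed per-element cap so a client cannot force huge allocations

/** Read one BER TLV at $off; returns [tag, value, offset of next element]. */
function readTlv(string $buf, int $off): array
{
    if ($off + 2 > strlen($buf)) {
        throw new RuntimeException('truncated header');
    }
    $tag = ord($buf[$off]);
    $len = ord($buf[$off + 1]);
    $off += 2;
    if ($len === 0x80) {
        throw new RuntimeException('indefinite length is not valid in LDAP');
    }
    if ($len & 0x80) { // long form: low 7 bits give the number of length bytes
        $n = $len & 0x7f;
        if ($n > 3 || $off + $n > strlen($buf)) {
            throw new RuntimeException('bad length field');
        }
        for ($len = 0, $i = 0; $i < $n; $i++) {
            $len = ($len << 8) | ord($buf[$off + $i]);
        }
        $off += $n;
    }
    if ($len > MAX_LEN || $off + $len > strlen($buf)) {
        throw new RuntimeException('length exceeds buffer or cap');
    }
    return [$tag, substr($buf, $off, $len), $off + $len];
}

/** Decode an LDAPv3 simple BindRequest (constructed helper, simple auth only). */
function parseSimpleBind(string $pdu): array
{
    [$t0, $msg] = readTlv($pdu, 0);             // LDAPMessage SEQUENCE
    [$t1, $id, $off] = readTlv($msg, 0);        // messageID INTEGER
    [$t2, $op] = readTlv($msg, $off);           // [APPLICATION 0] BindRequest
    [$t3, $ver, $off] = readTlv($op, 0);        // version INTEGER
    [$t4, $dn, $off] = readTlv($op, $off);      // name OCTET STRING
    [$t5, $pw] = readTlv($op, $off);            // simple [0] password
    if ([$t0, $t1, $t2, $t3, $t4, $t5] !== [0x30, 0x02, 0x60, 0x02, 0x04, 0x80]) {
        throw new RuntimeException('not a simple BindRequest');
    }
    return ['id' => hexdec(bin2hex($id)), 'version' => hexdec(bin2hex($ver)), 'dn' => $dn, 'password' => $pw];
}

// Constructed sample bytes: messageID 1, version 3, DN "cn=user", password "12345".
var_dump(parseSimpleBind(hex2bin('301802010160130201030407636e3d7573657280053132333435')));
```

The simple bind password is carried in the clear inside the message, so a listener like this belongs behind TLS (LDAPS or StartTLS) rather than on plain port 389.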

A while back I worked with a really smart developer who said that he had implemented a working LDAP client / server in PHP. He published it under the MIT license here: https://code.google.com/p/ldap-php/ .

I have no idea what condition it is in.

0

You can create a clean LDAP PHP server with this library (I wrote it originally for the purposes of the LDAP client):

https://github.com/FreeDSx/LDAP

It works based on a request handler (interface only) for client requests. Basically, you extend a class that will handle client requests and send a response back (in the case of a search anyway). Basic example:

  1. Create a request handler that extends the general request handler in the library:

    namespace Foo;

    use FreeDSx\Ldap\Entry\Entries;
    use FreeDSx\Ldap\Entry\Entry;
    use FreeDSx\Ldap\Operation\Request\SearchRequest;
    use FreeDSx\Ldap\Server\RequestContext;
    use FreeDSx\Ldap\Server\RequestHandler\GenericRequestHandler;

    class LdapRequestHandler extends GenericRequestHandler
    {
        /**
         * Demo credentials (username => plaintext password).
         *
         * @var array
         */
        protected $users = [
            'user' => '12345',
        ];

        /**
         * Validates the username/password of a simple bind request
         *
         * @param string $username
         * @param string $password
         * @return bool
         */
        public function bind(string $username, string $password): bool
        {
            // hash_equals() compares in constant time, unlike ===
            return isset($this->users[$username])
                && hash_equals($this->users[$username], $password);
        }

        /**
         * Override the search request. This must send back an entries object.
         *
         * @param RequestContext $context
         * @param SearchRequest $search
         * @return Entries
         */
        public function search(RequestContext $context, SearchRequest $search): Entries
        {
            // Do your logic here with the search request, return entries...
            return new Entries(
                Entry::create('cn=Foo,dc=FreeDSx,dc=local', [
                    'cn' => 'Foo',
                    'sn' => 'Bar',
                    'givenName' => 'Foo',
                ]),
                Entry::create('cn=Chad,dc=FreeDSx,dc=local', [
                    'cn' => 'Chad',
                    'sn' => 'Sikorra',
                    'givenName' => 'Chad',
                ])
            );
        }
    }

  2. Using the request handler, create an LDAP server process that listens on port 389 for clients:

    use FreeDSx\Ldap\LdapServer;
    use Foo\LdapRequestHandler;

    $server = new LdapServer([
        'request_handler' => LdapRequestHandler::class
    ]);
    $server->run();

There is more documentation on the server component of the library here:

https://github.com/FreeDSx/LDAP/tree/master/docs/Server

A few caveats:

  • There is currently no paging / VLV support for the server.
  • There is currently no way to return controls from the request handler back to the client.
0

Source: https://habr.com/ru/post/888376/

