Web Developer's Virtual Library: Encyclopedia of Web Design Tutorials, Articles and Discussions



A Sample LDAP Application in PHP Page 22

February 22, 2002

To get started with the application we could upload a sample set of user information into the directory using the ldapadd utility that comes with most LDAP client software and then work with it. A typical sample would look like:

dn: o=Foo Widgets, c=us
objectclass: top
objectclass: organization
o: Foo Widgets

dn: ou=Engineering, o=Foo Widgets, c=us
objectclass: top
objectclass: organizationalUnit
ou: Engineering

dn: ou=Marketing, o=Foo Widgets, c=us
objectclass: top
objectclass: organizationalUnit
ou: Marketing

dn: mail=faginm@foowi.com, ou=Engineering, o=Foo Widgets, c=us
cn: Fagin
sn: Maddog
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
mail: faginm@foowi.com
ou: Engineering
employeenumber: 3123283622
telephonenumber: 666-767-2000
userpassword: faginm123

dn: mail=maryx@foowi.com, ou=Marketing, o=Foo Widgets, c=us
cn: Mary
sn: Xeyed
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
mail: maryx@foowi.com
ou: Marketing
employeenumber: 3223453622
telephonenumber: 111-767-2000
userpassword: maryx123

If we run the application against OpenLDAP, we also need to enforce access control by adding the following lines to slapd.conf and restarting slapd:

access to attr=userPassword
        by self write
        by anonymous auth
        by * none

access to *
        by self write
        by dn="cn=Admin,o=Foo Widgets,c=us" write
        by * read

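The first block lets any user modify their own password and lets a client that has connected anonymously authenticate (bind) against the password stored in the repository; nobody else gets any access to that attribute. The second block lets a given user modify their own attributes, and lets the admin user modify them as well. It also gives all users read-only access to all other attributes of all other entries, thereby allowing any user to search the directory. Because `*` also matches clients that have not authenticated, this read access extends to anonymous connections. slapd applies the first access clause that matches, so the userPassword block must stay ahead of the general one. For more information on access control in OpenLDAP, see the OpenLDAP administrator's guide.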
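slapd picks the first `access to` clause that covers the requested attribute and, inside it, the first `by` line that matches the requester. The sketch below is an added example, not code from the original article or from OpenLDAP: it models only the `self`, `anonymous`, `dn=` and `*` selectors used here, ignores the rootdn (which bypasses access control), and `norm`, `who_matches`, `effective_access` and `allows` are hypothetical helper names.

```python
# Simplified model of slapd ACL evaluation for the two clauses on this page.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]
ADMIN_DN = "cn=Admin,o=Foo Widgets,c=us"

# (what, [(who, level), ...]) in the order the clauses appear in slapd.conf.
PAGE_ACL = [
    ("userPassword", [("self", "write"), ("anonymous", "auth"), ("*", "none")]),
    ("*", [("self", "write"), ("dn=" + ADMIN_DN, "write"), ("*", "read")]),
]

def norm(dn):
    """Crude DN normalisation (assumes no escaped commas in values)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def who_matches(who, requester, entry_dn):
    """requester is the bound DN, or None for an anonymous connection."""
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if requester is None:
        return False
    if who == "self":
        return norm(requester) == norm(entry_dn)
    return who.startswith("dn=") and norm(requester) == norm(who[3:])

def effective_access(acl, requester, entry_dn, attr):
    """First matching 'access to' clause, then first matching 'by' line."""
    for what, by_lines in acl:
        if what != "*" and what.lower() != attr.lower():
            continue
        for who, level in by_lines:
            if who_matches(who, requester, entry_dn):
                return level
        return "none"  # clause selected, no 'by' line matched
    return "none"      # no clause covers the attribute

def allows(level, needed):
    return LEVELS.index(level) >= LEVELS.index(needed)

if __name__ == "__main__":
    fagin = "mail=faginm@foowi.com, ou=Engineering, o=Foo Widgets, c=us"
    mary = "mail=maryx@foowi.com, ou=Marketing, o=Foo Widgets, c=us"
    for name, acl in (("page order", PAGE_ACL), ("reversed", PAGE_ACL[::-1])):
        for who in (fagin, mary, None, ADMIN_DN):
            lvl = effective_access(acl, who, fagin, "userPassword")
            print(f"{name:10} {str(who)[:22]:22} userPassword -> {lvl}")
```

With the clauses in the page's order, another user gets `none` on userPassword; with the order reversed, the general clause matches first and the same user gets `read`.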

Summary

In this chapter, we looked at:

  • Directory services in general
  • LDAP as a directory technology
  • Components that make up a typical LDAP setup
  • Characteristics and features that make LDAP the directory technology of choice
  • The four models of LDAP and thereby the underlying mechanisms required for LDAP solutions
  • The software options currently available for LDAP
  • Installation and configuration of an open-source solution
  • The PHP client API for LDAP support
  • A simple application that illustrated the use of the API

