php_auth_nds

Adding NDS authentication and attributes reading to PhP

Purpose:

As an alternative to the mod_auth_nds Apache module, Petr Vandrovec have added to ncpfs a PHP module that add NDS authentication functions to PHP scripts. If authentication succeeded, the PHP login script should store some data in a PHP session. All related scripts will check the session for the NDS data and eventually redirect to the login script if they are missing or outdated.

We added to these authentication fonctions a parameter with a list of contexts to search, and for a optional 'control NDS group'. If present, authentification will be granted if login/password match and if user if member of that NDS group. The equivalent of require group in Apache directives.

We added two functions to read NDS attributes (as string or as int) so that the 'PHP login script' could retrieve some attributes from NDS ( Full Name, Employee ID, Email ...) and store them in the session for the other scripts usage.

Requirements:

ncpfs version 2.2 installed and operational (slist) on the Linux box.
in a pure IP environment you must use auth_nds and the new read_nds_*2 calls as per revision 1.07

Usage:

cd contrib/php && make && m&ke install
Restart Apache and check /var/log/httpd/error_log...

Some real life examples:

for a sample site with authentication and NDS attributes reading see the contrib/php/site directory in ncpfs release.

Reference of new php functions

List the php functions

Download:

Version 1.04 is included in current ncpfs release (contrib/php)
Version 1.06 has contexless login against NDS tree (not servers) and some minors fixes.
Version 1.07 has 2 new functions read_nds_int2 and read_nds_string2 that accept a servername, instead of a treename to fetch NDS properties in a pure IP environment where attaching to tree often fails..

History:

1.00  2000, September 30        Petr Vandrovec 
                Initial revision, used on dialog.cvut.cz.

1.01  2001, January 10          Petr Vandrovec 
                Further polishing, used on cdonline.cvut.cz.

1.01  2001, February 19         Petr Vandrovec 
                Added license, polished for release, added sample code.

1.02  2001, March 25            Patrick Pollet
                Added some NWDSFreeContext in case of errors
                Added group parameter (NDS name or bindery)

1.03  2001, March 28            Patrick Pollet
                Added NDS reading attribute functions
                        string read_nds_string (tree, object, attribute)

1.04  2001, October 27  Patrick Pollet
     Added nds_tree_auth allowing a tree name and a list of context to be searched
     Simplified code by adding internal  CreateCtx and CreateCtxAndConn (called by all NDS
      related functions)

1.05 2002 May 17,       Patrick Pollet
      Added contextless login when authenticating to NDS tree

1.06 2003 Feb 20        Patrick Pollet
     -Use NWCCOpenConnByName instead of ncp_open in nds_auth_fn (auth against a NDS server)
     -Corrected the code of nds_read_int_fn that **was** returning the value
     converted to string (!) so boolean returned true/false and time stamp
     were converted to localized time...
     Now it return the numeric value (still in a PHP string) .

1.07 2003 July 22	Patrick Pollet  
			added read_nds_string2 and read_nds_int2 to fetch NDS data against a server in a pure IP
		environnment where NWCXAttachTotreeByName usually fails with err 08847

TODO:

Now that the nds_read_int_fn does what its name say, one should add a function that does what is was doing before (i.e. calling NWCXGetAttributeValueAsString() that return either a real string or a "human readable" integer.

Vous êtes notre eme visiteur