Well spotted with the ldap problem. I am running this on a new box, so that's my excuse!
However I still see [code] Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at C:\Program Files\xampp\htdocs\OpenAudit\include_ldap_login.php:1) in C:\Program Files\xampp\htdocs\OpenAudit\include_ldap_login.php on line 2
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at C:\Program Files\xampp\htdocs\OpenAudit\include_ldap_login.php:1) in C:\Program Files\xampp\htdocs\OpenAudit\include_ldap_login.php on line 2
Warning: Cannot modify header information - headers already sent by (output started at C:\Program Files\xampp\htdocs\OpenAudit\include_ldap_login.php:1) in C:\Program Files\xampp\htdocs\OpenAudit\include_ldap_login.php on line 5 [/code]
The start of my index.php reads...
[code] <?php include "include_ldap_login.php"; /** * * @version $Id: index.php 24th May 2007 * * @author The Open Audit Developer Team * @objective Index Page for Open Audit. * @package open-audit (www.open-audit.org) * @copyright Copyright (C) open-audit.org All rights reserved. * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see ../gpl.txt * Open-Audit is free software. This version may have been modified pursuant * to the GNU General Public License, and as distributed it includes or * is derivative of works licensed under the GNU General Public License or * other free or open source software licenses. * See www.open-audit.org for further copyright notices and details. * */ $page = ""; $extra = ""; $software = ""; $count = 0; ...[/code]
include_ldap_login.php reads...
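<?php
// Session guard shared by every protected page. It must be the very first
// thing a protected page includes, before any output is produced.
//
// Nothing may precede the "<?php" tag above - no blank line and no UTF-8
// byte-order mark. A warning of the form "headers already sent (output
// started at include_ldap_login.php:1)" means some byte was emitted before
// this point, typically a BOM written by the editor; once that happens
// neither the session cookie nor the Location header below can be sent.
session_start();

// Require a username established by ldap_login.php; otherwise send the
// browser to the logon page and stop so the protected page never renders.
if (!isset($_SESSION["username"])) {
    header('Location: ldap_login.php');
    exit;
}

// Debug output, deliberately disabled: echoing here would also send output
// before the including page has finished setting its headers.
//echo "distinguishedName is: " . $_SESSION["fqdn"] . "<BR>";
//echo "Username: " . $_SESSION["username"] . "<BR>";

// No closing "?>" tag on purpose: any newline after it would be sent to the
// browser and trigger the same "headers already sent" failure.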
and ldap_login.php reads...
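<?php
//If you wish to force SSL
//if ($_SERVER["SERVER_PORT"]!=443){ header("Location: https://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']); exit(); }

// Nothing may be output before this call (no BOM, no whitespace before
// "<?php"), otherwise the session cookie and the Location headers below
// cannot be sent.
session_start();

// # LDAP settings from config file
include "include_config.php";

// When you view Active Directory with using LDAP, the Members attribute is not populated with the Primary group.
// Domain Users is the primary group by default. The groupname variable cannot be the Primary group.
$group_name_attributes = array("member", "name", "cn", "sAMAccountName");

// Here is an example of how to search one group
//$group_name_filter = "(&(objectClass=group)(sAMAccountName=Domain Admins))";
// Here is an example of how to search two groups
$group_name_filter = "(&(objectClass=group)(|(sAMAccountName=OpenAuditUser)(sAMAccountName=Domain Admins)))";

// Set variables to those defined in include_config.php
$server = $ldap_server;
$domain = $management_domain_suffix;
$basedn = $ldap_base_dn;

// Page to redirect to for initial logon or failed logon
$script = $_SERVER['SCRIPT_NAME'];

// Page to redirect to after successful authentication
// If you have index.php as a default document use this
//$page = "/";
// Explicitly provide index page
$page = "/index.php";

/**
 * Escape a value that is embedded in an LDAP search filter (RFC 4515).
 *
 * The username comes straight from the POST body; without escaping, filter
 * metacharacters in the value (parentheses, asterisk, backslash, NUL) change
 * the meaning of the filter instead of being matched literally.
 * Uses ldap_escape() (PHP 5.6+) when available and falls back to a manual
 * RFC 4515 replacement on older installations.
 *
 * @param string $value raw attribute value
 * @return string value safe to place inside a filter
 */
function oa_ldap_filter_escape($value)
{
    if (function_exists('ldap_escape')) {
        return ldap_escape($value, '', LDAP_ESCAPE_FILTER);
    }
    // Backslash is replaced first so the escapes added afterwards are not re-escaped.
    return str_replace(
        array('\\', '*', '(', ')', "\0"),
        array('\5c', '\2a', '\28', '\29', '\00'),
        $value
    );
}

/**
 * Abandon a failed logon: drop any LDAP connection and all session state,
 * then send the browser back to the logon form. Never returns.
 *
 * @param resource|object|false $connect link from ldap_connect(), or false
 * @param string                $script  logon page to redirect to
 */
function oa_login_fail($connect, $script)
{
    if ($connect) {
        // Close the connection (ldap_unbind() takes the link, not the bind result)
        ldap_unbind($connect);
    }
    session_destroy();
    header('Location: ' . $script);
    exit;
}

if (isset($_POST['username'])) {
    // Get username and password information from POST
    $username = $_POST['username'];
    $password = isset($_POST['password']) ? $_POST['password'] : "";

    // Both fields must be plain strings (a field submitted as an array would
    // otherwise reach explode()/ldap_bind()).
    if (!is_string($username) || !is_string($password)) {
        oa_login_fail(false, $script);
    }

    //The username must include the Active Directory UPN suffix
    //Remove domain prefix (DOMAIN\user)
    $pre = explode('\\', $username, 2);
    if (isset($pre[1])) {
        $username = $pre[1];
    }
    //Check for domain suffix (user@domain)
    $suf = explode('@', $username, 2);
    if (isset($suf[1])) {
        $username_plus_upn = $username;
        $username = $suf[0];
    } else {
        //Add domain suffix
        $username_plus_upn = $username . "@" . $domain;
    }

    // Reject blank credentials before talking to the directory: ldap_bind()
    // with an empty password is an unauthenticated (anonymous) bind, which
    // many servers accept, so it must never be mistaken for a successful logon.
    if ($username === "" || $password === "") {
        oa_login_fail(false, $script);
    }

    $connect = ldap_connect($server); // Connect
    if (!$connect) {
        oa_login_fail(false, $script);
    }
    // Set AD specific options
    ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($connect, LDAP_OPT_REFERRALS, 0);

    // Bind to directory using username and password
    // NOTE(review): a simple bind sends the password in clear text unless
    // $ldap_server is an ldaps:// URI or ldap_start_tls() is issued here first.
    //$bind = ldap_sasl_bind($connect, $username_plus_upn, $password);
    $bind = ldap_bind($connect, $username_plus_upn, $password);
    if (!$bind) {
        oa_login_fail($connect, $script);
    }

    // Query AD for the user's DN, used below to check group membership.
    // The username is escaped so it is matched literally inside the filter.
    $user_filter = "(&(objectClass=user)(objectCategory=person)(sAMAccountName="
        . oa_ldap_filter_escape($username) . "))";
    $sr = ldap_search($connect, $basedn, $user_filter);
    $info = $sr ? ldap_get_entries($connect, $sr) : false;
    if (!$info || $info["count"] < 1) {
        // Bind succeeded but no matching person object: treat as a failed
        // logon rather than comparing an undefined DN below.
        oa_login_fail($connect, $script);
    }
    $fullname = isset($info[0]["displayname"][0]) ? $info[0]["displayname"][0] : "";
    $fqdn = $info[0]["dn"];

    //Check for group membership
    $sr = ldap_search($connect, $basedn, $group_name_filter, $group_name_attributes);
    $groups = $sr ? ldap_get_entries($connect, $sr) : false;
    $is_member = false;
    if ($groups) {
        for ($i = 0; $i < $groups["count"] && !$is_member; $i++) {
            // A group with no members has no "member" attribute at all.
            if (!isset($groups[$i]["member"])) {
                continue;
            }
            $members = $groups[$i]["member"];
            // ldap_get_entries() reports the number of values in ["count"];
            // the values themselves sit at integer indexes 0 .. count-1.
            for ($j = 0; $j < $members["count"]; $j++) {
                if ($members[$j] === $fqdn) {
                    $is_member = true;
                    break;
                }
            }
        }
    }
    if (!$is_member) {
        oa_login_fail($connect, $script);
    }

    // Authenticated and authorised: issue a fresh session id so an id that
    // existed before logon cannot be reused (session fixation).
    session_regenerate_id(true);
    $_SESSION["username"] = $username;
    // NOTE(review): this keeps the clear-text password in server-side session
    // storage for the life of the session; kept because other pages may read
    // $_SESSION["token"], but a random per-session token would be preferable.
    $_SESSION["token"] = $password;
    $_SESSION["fullname"] = $fullname;
    $_SESSION["fqdn"] = $fqdn;
    // Close the connection
    ldap_unbind($connect);
    header('Location: ' . $page);
    exit;
}

// No credentials posted: render the logon form. $script is HTML-escaped
// inside the action attribute so it cannot break out of the attribute value.
?>
<html>
<head>
<title>Open-AudIT Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta http-equiv="expires" content="0">
<meta http-equiv="pragma" content="no-cache">
</head>
<body>
<SCRIPT LANGUAGE="JavaScript">
<!--
document.onmousedown=click;
function click() {
    if (event.button==2) {alert('Right-clicking has been disabled by the administrator.');}
}
//-->
</SCRIPT>
<div align="center">
<form method="post" action="<?php echo htmlspecialchars($script, ENT_QUOTES, 'ISO-8859-1'); ?>">
<div align="center">
<table width="210" border="0" cellspacing="0" cellpadding="0">
<tr>
<td align="center">
<fieldset>
<Legend><font face="Verdana,Tahoma,Arial,sans-serif" size="1" color="gray">Enter Credentials</font></Legend>
<table border="0" cellspacing="3" cellpadding="0">
<tr>
<td align="right" valign="middle"><b><font face="Verdana,Tahoma,Arial,sans-serif" size="1" color="gray">Username:</font></b></td>
<td align="center" valign="middle"><input class="clear" type="text" size="15" name="username"></td>
</tr>
<tr>
<td align="right" valign="middle"><b><font face="Verdana,Tahoma,Arial,sans-serif" size="1" color="gray">Password:</font></b></td>
<td align="center" valign="middle"><input class="pass" type="password" size="15" name="password"></td>
</tr>
</table>
<input type="submit" value="Submit">
<br>
</fieldset>
</td>
</tr>
</table>
<br>
<table width="640"><tr><td align="center">
<font face="Verdana,Tahoma,Arial,sans-serif" size="1" color="silver">This System is for the use of authorized users only.</font>
</td></tr></table>
</div>
</form>
</div>
</body>
</html>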
_________________ Andrew
[size=85]OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home) LDAP: Active Directory[/size]