• Dear developers,

    Are you planning to support multiple Base DNs in a later version of this plugin?
    It will be pretty easy to support this feature because the ldap_search(…) function accepts arrays of connections and baseDNs as first two arguments. It requires only one more for-each-loop to loop through the resulting connections for the functions ldap_first_entry(…) and ldap_get_dn(…).

    I'm looking forward to your reply.

    Kind regards,
    Ivo
    Maastricht University

    https://www.ads-software.com/plugins/wpdirauth/

Viewing 7 replies - 1 through 7 (of 7 total)
  • Hi
    I tried something and it seems the multiple base DNs work for me. Can you check on it?

    https://github.com/haoundz/wpDirAuth

    Kind regards

    Henda Aoun
    junior programmer
    Montreal

    Thread Starter Dr. Ivo Bleylevens

    (@ibleylevens)

    Dear Henda,

    I had a quick look at your code and I do think there is one part missing.

    You are now passing an array of baseDNs to ldap_search().
    The result of this is also an array of connectionIDs.
    Next you have to check in an extra loop with ldap_count_entries() which of these connections is the right one to take into the next step: ldap_first_entry().

    At least that is how I implemented it. And it works. See:

    if ($preBindUser && $preBindPassword) {
        /**
         * Use case 1: Servers requiring pre-binding with admin defined
         * credentials to search for the user's full DN before attempting
         * to login.
         * @see https://dev.wp-plugins.org/ticket/681
         */
        if ( $isPreBound = wpDirAuth_bindTest($connection, $preBindUser, $preBindPassword, $baseDn) === true ) {
            // Parallel search: one connection entry per base DN (both arrays must be the same size).
            $connections[] = $connection;
            $connections[] = $connection;
            $baseDns[] = $baseDn;           // DN1
            $baseDns[] = "EXTRA DN INFO";   // DN2
            if ( ($results = @ldap_search($connections, $baseDns, $filterQuery, $returnKeys)) !== false ) {
                // ldap_search() returned one search result per base DN; keep the first one that has entries.
                $match = null;
                foreach ($results as $result) {
                    if ($result !== false && ldap_count_entries($connection, $result) > 0) {
                        $match = $result;
                        break;
                    }
                }
                // Only continue when one of the base DNs actually returned an entry;
                // otherwise an array would be passed to ldap_first_entry().
                if ( $match !== null && ($userDn = @ldap_get_dn($connection, ldap_first_entry($connection, $match))) !== false ) {
                    if ( ($isBound = wpDirAuth_bindTest($connection, $userDn, $password, $baseDn)) === true ) {
                        $isLoggedIn = true; // valid server, valid login, move on
                        break; // valid server, valid login, move on
                    }
                }
            }
        }
    }

    Kind regards,
    Ivo

    Thank you for your answer
    I know, but I tested the code and it worked perfectly. That's weird but true; you can test it and tell me the result.
    Kind regards

    I figured out why it works without adding a loop: because the function
    ldap_search supports using an array of base DNs. You can read more about it on
    https://php.net/manual/en/function.ldap-search.php

    Thread Starter Dr. Ivo Bleylevens

    (@ibleylevens)

    All cool, but sorry, it doesn't work on my side!

    The function ldap_search indeed accepts an array of baseDNs as 2nd argument but then it also needs an array of connections as first argument. Without such an array as first argument it doesn’t work at all.

    Secondly, ldap_search returns an array of connections (Resource IDs #xxx) and you need to pass only ONE of them into the ldap_first_entry method. Otherwise it won’t work either, which means you need a while loop to investigate which connection contains useful information. Moreover, ldap_first_entry only accepts non-array arguments.

    So I can only get your code working by passing the following into ldap_search:
    $connections[]=$connection;
    $connections[]=$connection;
    ldap_search($connections, $baseDn, …);//2 array arguments; same size.

    And then before executing ‘ldap_first_entry($connection, $results)’ do this:
    $results=$results[0] or $results=$results[1] or…(this is where you need the for loop to search for useful information, e.g., with ldap_count_entries).

    Exactly this is also described on the link you showed in the previous post; see section ‘Example of parallel search’.

    Kind regards,
    Ivo
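
Added example (not code from this thread or from wpDirAuth): one way to write the parallel search discussed above so that an unmatched or ambiguous lookup never reaches the bind step, and so the login name cannot alter the search filter. The function name `find_user_dn` and its parameters are hypothetical, and it assumes a connection that is already pre-bound.

```php
<?php
// Added example, not wpDirAuth code. find_user_dn() and its parameters are hypothetical names.

/**
 * Search several base DNs in parallel on one pre-bound connection and return
 * the user's DN only if exactly one entry matches across all of them.
 *
 * @param resource|\LDAP\Connection $connection pre-bound LDAP connection
 * @param string[] $baseDns   base DNs to search
 * @param string   $attribute account attribute used in the filter (assumed, e.g. "uid")
 * @param string   $username  login name as typed by the user
 * @return string|null user DN, or null when not found or ambiguous
 */
function find_user_dn($connection, array $baseDns, string $attribute, string $username): ?string
{
    if ($baseDns === [] || $username === '') {
        return null;
    }
    // Escape the user-supplied value so it cannot change the meaning of the filter.
    $filter = '(' . $attribute . '=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';

    // Parallel search needs one connection per base DN: both arrays must be the same size.
    $connections = array_fill(0, count($baseDns), $connection);
    $results = @ldap_search($connections, array_values($baseDns), $filter, ['dn']);
    if (!is_array($results)) {
        return null;
    }

    $userDn = null;
    foreach ($results as $result) {
        if ($result === false) {
            continue; // this base DN could not be searched
        }
        if (!($count = ldap_count_entries($connection, $result))) {
            continue; // no entry under this base DN
        }
        if ($count > 1 || $userDn !== null) {
            return null; // same login name matched more than once: refuse to guess
        }
        $entry = ldap_first_entry($connection, $result);
        $dn = $entry ? ldap_get_dn($connection, $entry) : false;
        if ($dn === false) {
            return null;
        }
        $userDn = $dn;
    }
    return $userDn;
}
```

The caller then re-binds as the returned DN with the user's password, and should reject an empty password first, because many servers accept a bind with a DN and an empty password as an unauthenticated bind.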

    Plugin Author Paul Gilzow

    (@gilzow)

    Are you planning to support multiple Base DNs in a later version of this plugin?

    As of right now, no. Can you give me some more background on your specific situation and what you are needing to accomplish?

    Thread Starter Dr. Ivo Bleylevens

    (@ibleylevens)

    I needed an authentication method with non-anonymous pre-binding prior to LDAP login using multiple baseDNs. I have my code working now for my own purposes (see my full code above).

    Kind regards,
    Ivo

  • The topic ‘Multiple Base DNs’ is closed to new replies.