[PHP] php ldap
Hi , I have a ldap server the user password are stored in that. my php ldasearch result says that the result is ldap user password : {SMD5}eRuT8dttD6M6N6tgMJF33/TNAvc= i want to compare this password with the user given password in other application (obviously php) but when i md5(passwordgiven) then it is showing different output. Any suggestions. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: php ldap
then can i output the SMD5 of my password in php. Jeff Loiselle wrote: Santosh Jambhlikar wrote: Hi , I have a ldap server the user password are stored in that. my php ldasearch result says that the result is ldap user password : {SMD5}eRuT8dttD6M6N6tgMJF33/TNAvc= i want to compare this password with the user given password in other application (obviously php) but when i md5(passwordgiven) then it is showing different output. Any suggestions. MD5 and SMD5 are not the same type of encryption. md5() will not return the correct results. -- Santosh Jambhlikar Linux Administrator Cash-Tech Solutions Pride Parmar Galaxy, Pune Maharashtra. Ph. O.:- 56052000 ext. 2150 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: php ldap
$ldaprdn = 'user'; $ldappass = 'userpass'; $ldapconn = ldap_connect(ldap.mydomain.com) or die(Could not connect to LDAP server.); if ($ldapconn) { $ldapbind = ldap_bind($ldapconn,$ldaprdn, $ldappass); if ($ldapbind) { echo LDAP bind successful...; } else { echo LDAP bind failed...; } } this program is giving me *Invalid DN syntax* error. what's wrong? cn for the the user is user Mark Rees wrote: Santosh Jambhlikar [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] then can i output the SMD5 of my password in php. Jeff Loiselle wrote: Santosh Jambhlikar wrote: Hi , I have a ldap server the user password are stored in that. my php ldasearch result says that the result is ldap user password : {SMD5}eRuT8dttD6M6N6tgMJF33/TNAvc= i want to compare this password with the user given password in other application (obviously php) but when i md5(passwordgiven) then it is showing different output. Any suggestions. You could try to bind to the server using ldap_bind with the supplied password. That will check if it is valid or not. MD5 and SMD5 are not the same type of encryption. md5() will not return the correct results. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: php ldap
thanks bartels, ldap_bind is working find i just used uid instead of cn. :) Björn Bartels wrote: that looks good, i think you should better use uid instead of cn... btw, i mentioned some authentication-problem earlier in this list. take a look at the php-manual @ ldap_bind() for a workaround if the same thing is happening to you (testscript works fine, loginscript does not !?!)... You'll find a function there by [EMAIL PROTECTED] which might help you out So should i give $ldaprdn = 'cn=user,ou=Users,dc=mydomain,dc=com'; sorry for that delayed reply... being at work now :) Björn Bartels -Development/IT-Services- -- dbusiness.de gmbh digital business printing gmbh Greifswalder Str. 152 D-10409 Berlin Fon: [0.30] 4.21.19.95 Fax: [0.30] 4.21.19.74 www.dbusiness.de [EMAIL PROTECTED] ftp://dbusiness.dyndns.org -- Santosh Jambhlikar Linux Administrator Cash-Tech Solutions Pride Parmar Galaxy, Pune Maharashtra. Ph. O.:- 56052000 ext. 2150 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Security
also PHP HIT BY ANOTHER CRITICAL FLAW A new security flaw in the PHP Web service protocol used by a large number of Web applications could allow attackers to take control of vulnerable servers. http://www.computerworld.com/securitytopics/security/holes/story/0,10801,104124,00.html Ian C. McGarvey wrote: I have been studying PHP all summer because I wanted to put some PHP code on my schools web site. I got to school and went to the web design teacher. I asked him if they had installed PHP on their server. He said that the district thinks that it would be a HUGE security risk and that people at my school would try to hack into the server (what bull). Anyway, can you give me some tips to make the server secure? Any help would be appreciated! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Security
As this is the php mailing list it is obvious that i should not write against php. but people should know the truth. And it's a news (not by me) that's why i wanted to send link to u peoples. I am sorry if i did something wrong, i am new user in php mailing list. Jasper Bryant-Greene wrote: Santosh Jambhlikar wrote: also PHP HIT BY ANOTHER CRITICAL FLAW A new security flaw in the PHP Web service protocol used by a large number of Web applications could allow attackers to take control of vulnerable servers. http://www.computerworld.com/securitytopics/security/holes/story/0,10801,104124,00.html You are spreading FUD about PHP. Stop it. If you actually *read* the article carefully you will find that not only is this not a PHP bug, but a bug with two XMLRPC libraries written *for* PHP. Not PHP itself. This is completely irrelevant to the original topic, as I didn't see the OP asking for XMLRPC security advice. While you're at it, why not publish an article PHP HIT BY ANOTHER CRITICAL FLAW with the text A new security flaw in my website, which is developed using PHP, surfaced today... Jasper -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php