Slurping out a users full name (not login!) under windows

Freaek

G'day, got a tricky (for me at least) question for yez.

As detailed in a different thread, I currently use win2k and iis 5 to pull the username out and into my pages. It has been asked of me if I can also slurp out the users full name as well.

Someone suggested that I should be able to do it via ntlm, but my knowledge is lacking in this area 🙁

So, in short, I use $_SERVER['REMOTE_USER'] to get jsmith, and I wish to find out if there is a way I can get John Smith as well.

thanks in advance 🙂

goa103

Hi,

I think you can do it with VB/ASP but the Win32API for PHP is so experimental! I tried to GetUserName and the function failed because it doesn't support C/C++ pointers.

Freaek

do'h, thanks goa103 :/

I know nfi about vb/asp tho, got a code snippet I could play around with? 🙂 🙂

Francois

As explained here : http://www.phpbuilder.com/board/showthread.php?s=&threadid=10221529

instanciate then your object :

$myVar = new COM(...
$myFullName = $myVar->FullName ;

FullName beeing a property such as login, or last_connected etc.

goa103

I am not sure It can work because there's a security layer between PHP and the OS. Imagine what you could do with all the Windows COM objects! You could get the whole address book of someone, get its cookies... everything. That's why it askes for a confirmation before installing an ActiveX components.

So I don't think It can work. Only the DLL of a server could access these informations.

Francois

I can ensure you this works like a charm 😃

As PHP is a server-side component, its just a matter of programming skills. If you do some dirty code, yes you will expose your network to security issues. Otherwise you wont.

fishea

yo, if you're on a network with an AD server that allows anonymous read-only access, you can query it with LDAP and get the user's full name. I do it all the time. you can too!

jpmoriarty

fishea that's exactly what i'm trying to do too! Is there any chance you could post some code or a link to some good tutorials? I've played around with the LDAP functions but am having difficulty getting it to work.

If you could post code with a little description of what it's doing/ how to modify it then you'd sure make me a happy chappie!

fishea

hey yeah, here's my ldap abstraction classes. there's a syntax description up near the top. you'll need to

a) take out any refereneces to $sysdefobj, which is my global system defaults thing, and replace it with actual stuff; the naming should explain what the stuff in question is but email me if you still need to know.

b) you need LDAP support loaded and

c) the CN and name filter will vary depending on yr AD configuration, but I use

cn=Users,dc=domain,dc=com

... for the CN and

(&(objectClass=user)(|(userPrincipalName=#N#)(name=#N#)(displayname=#N#)(cn=#N#)))

for the namefilter, where #N# is the user's name (herein subbed in with regexps before the query as you will see in the convenience method queryForName().)

share and enjoy

-fish

<?php

///
///
///
/// LDAP access abstraction library
/// by fish, january 2003

/// includes
/// system defaults
require_once("sysdefaults.php");

/// debugger
require_once("debugger.php");

/// globalized ldap connection interface
global $ldap;
//$ldap = new LDAPConnection();
//$ldap->open();

/// syntax:
/// $ldap = new LDAPConnection();
/// $ldap->open();
/// $result = $ldap->query($dn, $filter);
/// (or:
/// $result = $ldap->queryForName("fish"); /// ???
/// )
/// $san = $result->getAttribute("samaccountname");
/// $result->close();
/// $ldap->close();

class LDAPConnection {
var $ldap_connection;
var $ldap_binding;

var $ldap_server;
var $ldap_username;
var $ldap_domain;
var $ldap_password;

var $ldap_isopen;

function LDAPConnection() {
	/// get connection info from session
	$this->ldap_server = $_SESSION['ldap_server'];
	$this->ldap_username = $_SESSION['ldap_username'];
	$this->ldap_domain = $_SESSION['ldap_domain'];
	$this->ldap_password = $_SESSION['ldap_password'];

	$this->ldap_isopen = false;
}

function open() {
	global $debug;

	if (!$this->ldap_isopen) {
		/// open connection
		$this->ldap_connection = @ldap_connect("ldap://".$this->ldap_server);
		if ($this->ldap_connection == false) {
			$debug->println("ERROR: LDAP Connection no workie. ldap = ".$this->ldap_connection."", 1);
			return false;
		} else {

			/// bind with userID and password
			$this->ldap_binding = @ldap_bind($this->ldap_connection, ($this->ldap_username."@".$this->ldap_domain), $this->ldap_password);
			if ($this->ldap_binding == false) {
				$debug->println("ERROR: LDAP Binding failed. binding = ".$this->ldap_binding.", ldap = ".$this->ldap_connection."", 1);
				return false;
			} else {
				$this->ldap_isopen = true;
				return true;
			}
		}
	}
}

function close() {
	if ($this->ldap_isopen) {
		$out = true;

		$out = ldap_close($this->ldap_connection);
		unset($this->ldap_connection);

		$this->ldap_isopen = false;
		return $out;
	} else {
		return false;
	}
}

function query($ldap_dn, $ldap_filter) {
	if ($this->ldap_isopen) {
		return new LDAPResult($this->ldap_connection, $ldap_dn, $ldap_filter);
	} else {
		return false;
	}
}

function queryForName($namename) {
	global $sysdefobj;

	$dn = $sysdefobj->getValue("ldap_dn");
	$namefilter = $sysdefobj->getValue("ldap_namefilter");
	$namefilter = preg_replace("/#N#/", $namename, $namefilter);

	return $this->query($dn, $namefilter);
}

}

class LDAPResult {
var $ldap_connection;
var $ldap_dn;
var $ldap_filter;

var $ldap_result;
var $ldap_info;

var $ldap_success;

var $ldap_fieldcount;

function LDAPResult($ldap_connection, $ldap_dn, $ldap_filter) {
	global $sysdefobj;
	global $debug;

	$this->ldap_connection = $ldap_connection;
	$this->ldap_dn = $ldap_dn;
	$this->ldap_filter = $ldap_filter;
	$this->ldap_success = false;
	$this->ldap_fieldcount = 0;

	$this->ldap_result = ldap_search($this->ldap_connection, $this->ldap_dn, $this->ldap_filter);

	if ($this->ldap_result != false) {
		$this->ldap_info = ldap_get_entries($this->ldap_connection, $this->ldap_result);

		if ($this->ldap_info != false) {
			$this->ldap_success = true;
		}
	} else {
		/// SIREN CAUTION WARNING
		$debug->println("WARNING: LDAPResult::construct(): ldap_search() returned false", 2);
	}
}

function close() {
	/// apparantly we don't need to deallocate the output shit here
	$this->ldap_connection = false;
	$this->ldap_success = false;
}

function getCount() {
	if ($this->ldap_success) {
		return intval($this->ldap_info['count']);
	} else {
		return -1;
	}
}

function getField($idx, $num = 0) {
	$out = false;
	if ($this->ldap_success) {
		$out = $this->ldap_info[$this->ldap_fieldcount][$idx][$num];
	}

	return $out;
}

function getNext($idx) {
	$this->ldap_fieldcount++;
	$out = false;
	if ($this->ldap_success) {
		$out = $this->ldap_info[$this->ldap_fieldcount][$idx];
	}

	return $out;
}

function getFields() {
	if ($this->ldap_success) {
		return $this->ldap_info;
	} else {
		return false;
	}
}

function reset() {
	$this->ldap_fieldcount = 0;
}

}

jpmoriarty

ah man that sounds so like what i need to do but i'm buggered if i can understand what's going on!

My first aim is to get a script that goes to the AD and returns all the users full names. Then if someone could tell me how to go and get other information (like address, phone number, email etc) which can all be stored in there too (as far as I'm aware) then I'd be onto a real winner.

I tried using NTDS tonight but that only got me as far as getting user name and full name - nothing else.

The thing I really dont get are all these o, ou, cn, sn, dc etc commands that i cant find a description for anywhere! And people say things like "dc=domain", but i dont know if you mean i should enter my domain into dc (ie dc=architenlandrell) or if i should leave it as is!

The NTDS path that I used was:

ntds://architen.architenlandrell.com/Architen Landrell/users.chepstow

if that helps - if someone could explain to me how i use all that LDAP stuff above to get into the store i've just given then I'd be over the moon.