Friday, 25 May 2007

Getting LDAP working

Ok now, I have read about LDAP on and off for years but I have never reached a point where I needed to write some code. That is till now. The current version of WebPA is authenticated by Loughborough University’s own bespoke script. But this is no good if we are going to open source the system. Therefore after a fairly swift poll of the project partner and the other potential pilot the opportunity to use LDAP arose.

PHP has LDAP fully integrated and it is just a case of creating a connection and pointing the call at the LDAP server. However obtaining information like “What is the server address ?“ can be difficult with in institutions. Information like this is often a closely guarded secret. However in the end I did find out the information I wanted to know. So I could get straight on and test my code.

The first problem I encountered was, not being able to bind to the server with my username and password. I scratched my head for a bit and thought. Some times as a developer you can be completely in isolation even if you share an office with others who write in your language, especially if you are the first to implement something. That is how I have felt all week. Eventually I did have a eureka moment and figure out that I needed to add the domain elements on to the username I was entering. I should have known this as I did do networks at Uni, but as with things you learn along time ago, the disappear form you head.

However, no sooner than my eureka moment and then I was back in the doldrums again. I could bind but not search! I had an idea of what was in the LDAP tree, but could not be sure. In the end my search lacks a filter, thus pulls back the whole tree for the variable I’m interested in. But that is a success, and I now have a LDAP authentication class that I can just plug into WebPA, and an almost complete design document, so I am happy this week.

Next week will be here all too soon and I will need to try and do a weeks worth of work in one day, so that I can get off on my holidays with no worries. I know that this will never happen, and I will still leave some things incomplete.

No comments: