4

Ok, I have gone through almost every question, PHP Manual and post around this issue all over the internet. Nothing seems to help.

I'm working on a project that needs me to authenticate (or at least be able to look up the UID for) different users in my organisation on an Active Directory. For connecting and authenticating, they have provided me with a dll file which has the functions necessary to authenticate. I need to use this dll file and the functions within to get my application working.

Below are the different things I have tried so far along with errors for each.

  1. Use dl() to load the DLL.

I tried using

    dl('filename.dll');

and got the error

    Call to undefined function dl() in C:\xampp\htdocs\OOP_curater\index.php on line 16

After looking around I came across this and this, and realized it's no longer supported.

I then tried placing the dll in C:\xampp\php\ext and adding an extension line to php.ini. (Just for the heck of it) restarting php gave me an error message saying it's not a valid PHP extension.

  2. Tried using COM()

I then tried using

    $action = new COM("ProjectName.FunctionName") or die ("Could not initialise MS Word object.");

and got the following error

    Fatal error: Uncaught exception 'com_exception' with message 'Failed to create COM object `ProjectName.FunctionName': Invalid syntax ' in C:\xampp\htdocs\OOP_curater\index.php:3 Stack trace: #0 C:\xampp\htdocs\OOP_curater\index.php(3): com->com('FBA_Provider1.a...') #1 {main} thrown in C:\xampp\htdocs\OOP_curater\index.php on line 3

Looking around got me to links similar to this. I realized I need to register the DLL so tried

    regsvr32 C:\xampp\htdocs\OOP_curater\filename.dll

and got the error

    DllRegisterServer entry point was not found

I then tried

    regsvr32 /i /n C:\xampp\htdocs\OOP_curater\filename.dll

and got a "DLL Install was not found" error.

I must admit, I'm still not sure if I got the (Projectname.FunctionName) part right, I really could not understand most of the documentation around this topic.

  3. Tried using DOTNET()

I then tried the following code

    $comobj = new DOTNET("projectname", "projectname.function");

and got this error

    Fatal error: Uncaught exception 'com_exception' with message 'Failed to instantiate .Net object [CreateInstance] [0x80070002] The system cannot find the file specified. ' in C:\xampp\htdocs\OOP_curater\index.php:21 Stack trace: #0 C:\xampp\htdocs\OOP_curater\index.php(21): dotnet->dotnet('ProjectName', 'Function') #1 {main} thrown in C:\xampp\htdocs\OOP_curater\index.php on line 21

I now have the following questions with regards to loading a DLL for PHP

What is the best way to load a DLL where:

a. It is not really a PHP function

b. The source is not available

c. It cannot be registered (assuming due to the errors above)

d. It cannot be recompiled to be a PHP extension / registerable

Few Things to Note

  1. The setup is currently on XAMPP for development and testing.
  2. I do not have admin rights, but can arrange for it if necessary.
  3. Production environment would be on a windows server running IIS.

I have very little knowledge in .net and Active Directory which is why I find this even tougher to handle. Also given the length of the question, hope I didn't miss out on anything important. Do let me know if you need more info.

EDIT

I was able to decompile the DLL using Reflector, and now have the source code and access to Microsoft Visual Studio for Applications 2.0. In case you need me to make changes to the DLL itself.

Also I tried building it with the "make visible to com" option checked but still got the same error with regsvr32 and regasm.

TDsouza
  • Are you absolutely sure that you need a custom .DLL file for 'connecting and authenticating' to Active Directory? That sounds extremely strange to me. AD is just an LDAP instance and PHP has built-in support for this via the LDAP extension. And IIS has built-in single-sign on via negotiate for authentication... – timclutton Mar 13 '15 at 15:10
  • If you have opportunity to build asp.net website or webapi out of that DLL, then you can expose REST API to php function, that will be less of change ( if you are ready to do asp.net website or webapi) – Arindam Nayak Mar 14 '15 at 06:19

3 Answers

1

This doesn't directly answer the question as asked, but solves your problem.

Use adLDAP (http://adldap.sourceforge.net/) in PHP; it does it all for you. You don't need an external DLL or to roll your own.

Sample:

    $adldap = new adLDAP();
    $aUserInfo = getLDAPUserInfo($adldap, $username);
    if ($aUserInfo) {
        if (strlen($aUserInfo['mail']) > 0) {
            $email = $aUserInfo['mail'];
            if ($email) {
                $userRow['email'] = $email;
            }
        }
    }

or

    $adldap = new adLDAP();
    $authUser = $adldap->user()->authenticate($username, $password);
    if ($authUser == true) {
        if ($adldap->user()->inGroup($username,'ServerAdmins')) {
            // This user is in server admins
        }
    }

Robbie
  • A good suggestion for retrieving details from AD, but I've avoided using this for authentication since it requires users to enter their username & password. I've passed more than one audit on the basis that I never see these details. – timclutton Mar 17 '15 at 07:16
  • Just giving an example of how easy the library is to use. How you use it depends on your needs. – Robbie Mar 17 '15 at 10:38
0

Run your command prompt as an administrator and then try to register your DLL in windows.

Follow below steps:

  1. Run CMD as an Administrator
  2. Run Command: cd C:\xampp\htdocs\OOP_curater\ (Choose your DLL path)
  3. Run Command: regsvr32 filename.dll

I hope it could solve your problem.

Keval Gangani
  • I tried both regasm and regsvr32, regasm returns "no types were registered", dragging and dropping into windows/assembly give me a "dll needs to be strongly named" error and regsvr32 returns a entry point not found error – TDsouza Mar 13 '15 at 13:04
  • Try to put that DLL in "Program Files/[Folder Name]" and then register – Keval Gangani Mar 13 '15 at 13:25
  • I don't think that's the issue, it's got something to do with the code within the DLL, it's probably not a COM object or something, based on my research – TDsouza Mar 13 '15 at 13:27
  • That's also possible. By the way, you can tell them to create authentication web-services using that DLL and you can call those web-services in your PHP code to authenticate user in your portal. – Keval Gangani Mar 13 '15 at 13:44
  • They might not support me to that extent, might not be possible – TDsouza Mar 13 '15 at 13:55
  • ohh...tell them to convert this DLL into COM DLL. – Keval Gangani Mar 13 '15 at 14:31
0

Based on your description of your requirements I'm not convinced you're going about this the right way. I suspect you've been led astray by 'they' providing you with a DLL file, as if you are building a desktop (or ASP.NET?) application.

As I understand it you simply need to authenticate users of your PHP application via Active Directory (presumably to allow for authorisation checking in your application). With IIS this is a standard feature and is simple to activate. See my answer to another question here on SO about how to do this.

If you need to do any querying against the AD (like retrieving the user's UID, email, etc.) you can use the built-in LDAP functions.

A quick and dirty example:

    $server = 'ldaps://server_hostname'; // could also use 'ldap://' for non-encrypted connection.
    $username = 'username'; // should be a restricted 'service account' to be used only by this app.
    $password = '';
    $base_dn = '';
    // search based on username provided by IIS single-sign on; escaped so it cannot alter the filter.
    $search_filter = 'cn=' . ldap_escape($_SERVER['AUTH_USER'], '', LDAP_ESCAPE_FILTER);
    $attributes = ['mail', 'sn', 'cn']; // array of fields you want AD to provide.

    $ldap = ldap_connect($server);
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); // generally needed with AD.
    if (!ldap_bind($ldap, $username, $password)) { // stop if the service account cannot bind.
        die('LDAP bind failed: ' . ldap_error($ldap));
    }
    $search = ldap_search($ldap, $base_dn, $search_filter, $attributes);
    $data = ldap_get_entries($ldap, $search);

If a match is found $data will be an array of the specified attributes.

timclutton
  • You're absolutely right about "me being led astray by they", also your solution sounds pretty sensible, just a query: does that mean all aspects of authentication like session management etc. would be taken care of by IIS? Is there anything that I would have to handle at the application level? I'm really new to IIS and .net so the confusion. Also for testing is `LDAP_BIND` my only option? – TDsouza Mar 13 '15 at 16:41
  • IIS will completely handle authentication. Your application will only run if IIS successfully authenticates the user. If you don't need any more details from AD than the username, which IIS provides in a `$_SERVER` variable, you don't even need to use the LDAP functions. If you do want more data from AD then `LDAP_BIND` is required for establishing a connection. – timclutton Mar 13 '15 at 17:57
  • So are you saying $_SERVER would be a "client specific" variable? Exactly like "$_Sessions['username']" or something? I looked around, it does seem like the case, but just confirming – TDsouza Mar 16 '15 at 08:11
  • [`$_SERVER`](http://php.net/manual/en/reserved.variables.server.php) is an array of server (IIS/Apache/etc.) provided information. When a user is authenticated by the server it sets a specific key in the array to the authenticated username, e.g. `$_SERVER['AUTH_NAME'] = 'XXX'`. You can use this to uniquely identify each user and look up their details in the AD. – timclutton Mar 16 '15 at 08:19
  • Ohh ok, got it, I still need some clarity about the authentication part though. My understanding of authentication is to only check if "the username and password is valid". While session management would be activities even after authentication (like session timeouts etc). Does IIS/Windows handle these aspects as well? – TDsouza Mar 16 '15 at 13:39
  • That's correct; IIS will only perform a username/password validation check. Session handling should be done in your application. – timclutton Mar 16 '15 at 14:00
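
The lookup from timclutton's answer, worked through as an added example that is not part of the original thread: it strips the domain part from the IIS-supplied identity, escapes the value before it goes into the filter, and requires exactly one match. It matches on `sAMAccountName` rather than `cn`, on the assumption that IIS reports the Windows logon name; the function names, the accepted input forms and the sample identities are likewise assumptions.

```php
<?php
// Added example, not from the thread. Names are hypothetical; needs PHP 7.1+ with ext/ldap.

// Reduce the server-supplied identity to a bare account name.
// Assumption: it arrives as "DOMAIN\user", "user@domain" or plain "user".
function accountNameFromServer(string $authUser): string
{
    $name = $authUser;
    if (($pos = strrpos($name, '\\')) !== false) {
        $name = substr($name, $pos + 1);      // DOMAIN\user -> user
    } elseif (($pos = strpos($name, '@')) !== false) {
        $name = substr($name, 0, $pos);       // user@domain -> user
    }
    if ($name === '') {
        throw new InvalidArgumentException('No authenticated user supplied');
    }
    return $name;
}

// Build a filter for one account; filter metacharacters are escaped (RFC 4515).
function userFilter(string $account): string
{
    return '(&(objectClass=user)(sAMAccountName='
        . ldap_escape($account, '', LDAP_ESCAPE_FILTER) . '))';
}

// Service-account lookup; returns the single matching entry or null.
function lookupUser(string $server, string $bindDn, string $bindPw, string $baseDn, string $authUser): ?array
{
    $ldap = ldap_connect($server);
    if (!$ldap) {
        throw new RuntimeException('Invalid LDAP URI');
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    // An empty password would turn this into an unauthenticated bind, so reject it.
    if ($bindPw === '' || !@ldap_bind($ldap, $bindDn, $bindPw)) {
        throw new RuntimeException('Service account bind failed');
    }
    $filter = userFilter(accountNameFromServer($authUser));
    $search = ldap_search($ldap, $baseDn, $filter, ['mail', 'sn', 'cn']);
    $data = $search ? ldap_get_entries($ldap, $search) : false;
    ldap_unbind($ldap);
    return ($data && $data['count'] === 1) ? $data[0] : null;
}

// Constructed sample identities; this part runs without a directory server.
foreach (['CORP\\jdoe', 'jdoe@corp.example', 'CORP\\svc(web)*'] as $sample) {
    echo $sample, ' => ', userFilter(accountNameFromServer($sample)), PHP_EOL;
}
```

In the application, `lookupUser()` would be called with `$_SERVER['AUTH_USER']` and the service account's bind DN, password and base DN read from configuration kept outside the web root.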