Improving MSU’s people search

21 January, 2011

In the summer of 2006, I had an idea. I would often use the Michigan State University website to look up email addresses and phone numbers of others at the university. The search mechanism on the website required the last name of individuals, with the first name optional.

But sometimes I didn’t know the last name of the person I was looking for. Like any good computer science student, I decided to write my own “MSU People Search”.

Like many large institutions, Michigan State University uses what is called an LDAP directory. LDAP directories can be used as a sort-of white pages for an institution. They can store information about people and tangible items like computers.

Most likely you have used one of these LDAP directories when setting up a local email client. When using Microsoft Outlook at work, I can type in the real name of a recipient in the “To:” address field. As I’m typing the email, Outlook will perform an LDAP search for a user with the provided name and update the “To:” address field to the user’s email address.

It’s not too hard to make your own LDAP search website. The most common parameters you are going to need are the LDAP server’s hostname, the “Base Distinguished Name” (otherwise known as a Base DN), and some attribute fields to request.

With the php-ldap library, you can write your own LDAP search website in PHP:

  1. Call ldap_connect to open a connection.
  2. Call ldap_search to perform your search.
    • Optionally call ldap_sort to sort your entries.
  3. Call ldap_get_entries to turn your results into an associative array.
  4. Iterate through the associative array and you’re done.

Feel free to take a look at my implementation and provide any feedback you have.
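The four steps above as one PHP script, added here as an example; it is not the author's implementation. The server URI, Base DN, the objectClass=person clause and the givenName/sn/cn/mail/telephoneNumber attribute names are assumptions, and user input goes through ldap_escape before it enters the filter so that a typed `*` or `)` cannot change the query.

```php
<?php
// Added example. Host, Base DN and schema names are placeholders, not MSU's.
const LDAP_URI = 'ldap://ldap.example.edu';            // assumed server
const BASE_DN  = 'dc=example,dc=edu';                  // assumed Base DN
const ATTRS    = ['cn', 'mail', 'telephoneNumber'];    // attributes to request
// Build a filter from whichever name parts were supplied (last name optional).
function buildFilter(string $first, string $last): string
{
    $parts = [];
    foreach (['givenName' => $first, 'sn' => $last] as $attr => $value) {
        if ($value !== '') {
            // ldap_escape() encodes * ( ) \ and NUL so input stays a literal value.
            $parts[] = "($attr=" . ldap_escape($value, '', LDAP_ESCAPE_FILTER) . '*)';
        }
    }
    if ($parts === []) {
        throw new InvalidArgumentException('Enter a first or last name.');
    }
    return '(&(objectClass=person)' . implode('', $parts) . ')';
}

function searchPeople(string $first, string $last): array
{
    $conn = ldap_connect(LDAP_URI);                       // step 1
    if ($conn === false) {
        throw new RuntimeException('Invalid LDAP URI.');
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    if (!@ldap_bind($conn)) {                             // anonymous bind
        throw new RuntimeException('Bind failed: ' . ldap_error($conn));
    }
    // step 2, with the result set capped at 50 entries
    $result = @ldap_search($conn, BASE_DN, buildFilter($first, $last), ATTRS, 0, 50);
    if ($result === false) {
        throw new RuntimeException('Search failed: ' . ldap_error($conn));
    }
    $entries = ldap_get_entries($conn, $result);          // step 3
    ldap_unbind($conn);
    $people = [];
    for ($i = 0; $i < $entries['count']; $i++) {          // step 4
        $people[] = [
            'name'  => $entries[$i]['cn'][0] ?? '',
            'mail'  => $entries[$i]['mail'][0] ?? '',
            'phone' => $entries[$i]['telephonenumber'][0] ?? '',  // keys are lowercased
        ];
    }
    // ldap_sort() was removed in PHP 8.0, so sort the array instead.
    usort($people, fn ($a, $b) => strcasecmp($a['name'], $b['name']));
    return $people;
}
```

When the results are written into a page, pass each value through htmlspecialchars, since directory attributes are data the web application does not control.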

LDAP Basic auth over SSL using S.DS.P

5 December, 2008

I recently ran into an issue where self-signed certificates were causing an LdapException to be thrown. The LdapException simply said “The LDAP server is unavailable.” Pretty ambiguous, huh? Well, long story short, the LDAP server had been configured with a self-signed SSL certificate, and that certificate wasn’t trusted on the machine I was using. How could I check this?

Well, there are two ways to check this.

1.) I opened up the certificate manager and checked. Using Vista, click the Start menu and type “certmgr.msc” in the text field. Hit Enter and it will bring up the Certificate Manager for the machine. You can look for the certificate within a number of the folders shown.

2.) I added a callback method to the LdapConnection.SessionOptions variable. This turned out to be a necessary add for the future because I can now fully understand and report to a user why the connection was bad.
