I have 2 servers which I wanted to talk to each other, one is a web server running Ubuntu and the other a Windows Server 2008. My task was to be able to create Active Directory users using PHP and from what is available, I found a very neat library for PHP called adLDAP. It had all the necessary functions needed to manage your Active Directory save for the very troublesome fact that you need to use LDAP over SSL in order for the module to be able to create accounts and change passwords. Everything else works without LDAP over SSL.
At first I was trying my hand out in making it work without the LDAP over SSL. But after some research, I found out that it is required by Windows Server itself to accommodate account creation. Knowing a bit about certificates and on how modern browsers typically screws over displaying the page due to those 'certificates cannot be verified' errors, I had little choice in this matter.
At first I thought maybe that error prompt could be a minor nuisance but unfortunately, non technical people have certain difficulty in getting around that. I had to make a choice, usability or to create something not that elegant which works without any nuisance.
Being a code monkey, I decided to do the workaround.
At first I researched options on what other ways I could create an Active Directory account without using the Active Directory Users and Computers manager. Apparently, you could create users using the command prompt using the dsadd command. After some practice, I got the syntax I needed and the errors thrown if ever theres something wrong.
So I already have the command, how do I run it? Ive thought of just moving the user creation page to the Windows Server and opening it to the public, but as Ive told my friend, it would be like a sitting duck waiting to be shot down. I retained the approach to funnel all traffic to the web server and have the web server and the Active Directory server talk using the more secure local network.
But how the heck could I make an Ubuntu server and a Windows Server talk to each other? Well, Ive installed a web server in the Windows Server and made it run PHP. Now, the Ubuntu server, the Windows Server and myself could all talk and understand the same language: PHP.
It was something unelegant. Some problems are still there, like if my GUI is in the Ubuntu server, how can I invoke a POST to the Windows Server and get the output from that end. Upon researching POST and passing parameters, I discovered cURL. cURL is a client URL library, which in simple terms, is something that one could use to pass parameters to another URL and gets a return reply which could be used in the requesting machine. A simple diagram would be:
Ubuntu cURL -> Windows Server (regular form accepting POST values) -> Ubuntu cURL
Ive setup two pages, first the page in the Ubuntu web server which does the 'curling'. Second is the page that accepts and processes form submits, if you've coded dynamic web pages this would sound familiar. Its just a regular page where all your data goes to when you hit the submit button. Its normally in the action="thispage.php" parameter. Whatever the output of that page will be thrown back to the currently waiting page in the Ubuntu web server.
I had my fair share in minor troubles, one would be that my PHP installation is not compiled to support cURL.
I just invoked an install command using apt-get (logged in as root of course)
The important phases of using cURL in passing parameters to another page as I read through this helpful guide would be (4 steps):
1. Prepare the data to be posted
This is the page where you will be sending in your data. In my case, instead of a public domain address, I used a local IP address. It would still be accessible since PHP is a server side language which executes the code on the server (which is also in the same local network)
The last part waits for the output from the other end and displays it, hence the echo $result. This will output whatever is displayed on the other end as if you are browsing through the page. In my case, I coded the output on the Windows end to be as simple as possible: throwing a text saying that the command issued was successful or there was an error. Upon getting the output from the Windows end, I display it to the Ubuntu side by processing the $result. Use your imagination, feel free to use string manipulation functions to make the output compliant with the look and feel of your page.
At first I was trying my hand out in making it work without the LDAP over SSL. But after some research, I found out that it is required by Windows Server itself to accommodate account creation. Knowing a bit about certificates and on how modern browsers typically screws over displaying the page due to those 'certificates cannot be verified' errors, I had little choice in this matter.
At first I thought maybe that error prompt could be a minor nuisance but unfortunately, non technical people have certain difficulty in getting around that. I had to make a choice, usability or to create something not that elegant which works without any nuisance.
Being a code monkey, I decided to do the workaround.
At first I researched options on what other ways I could create an Active Directory account without using the Active Directory Users and Computers manager. Apparently, you could create users using the command prompt using the dsadd command. After some practice, I got the syntax I needed and the errors thrown if ever theres something wrong.
So I already have the command, how do I run it? Ive thought of just moving the user creation page to the Windows Server and opening it to the public, but as Ive told my friend, it would be like a sitting duck waiting to be shot down. I retained the approach to funnel all traffic to the web server and have the web server and the Active Directory server talk using the more secure local network.
But how the heck could I make an Ubuntu server and a Windows Server talk to each other? Well, Ive installed a web server in the Windows Server and made it run PHP. Now, the Ubuntu server, the Windows Server and myself could all talk and understand the same language: PHP.
It was something unelegant. Some problems are still there, like if my GUI is in the Ubuntu server, how can I invoke a POST to the Windows Server and get the output from that end. Upon researching POST and passing parameters, I discovered cURL. cURL is a client URL library, which in simple terms, is something that one could use to pass parameters to another URL and gets a return reply which could be used in the requesting machine. A simple diagram would be:
Ubuntu cURL -> Windows Server (regular form accepting POST values) -> Ubuntu cURL
Ive setup two pages, first the page in the Ubuntu web server which does the 'curling'. Second is the page that accepts and processes form submits, if you've coded dynamic web pages this would sound familiar. Its just a regular page where all your data goes to when you hit the submit button. Its normally in the action="thispage.php" parameter. Whatever the output of that page will be thrown back to the currently waiting page in the Ubuntu web server.
I had my fair share in minor troubles, one would be that my PHP installation is not compiled to support cURL.
I just invoked an install command using apt-get (logged in as root of course)
apt-get install php5-curlafter it got installed, I restarted my web server
service apache2 restartAfter which, I fired up my code and see what result it throws me from the Windows end. After some minor tweaks, I got it correctly.
The important phases of using cURL in passing parameters to another page as I read through this helpful guide would be (4 steps):
1. Prepare the data to be posted
The upper part of this segment is plugging into an array the values you need to be passed. The lower half would be turning it into a single chunk of data which will be sent to the other end. In this example, the resulting $post_str would be “first_name=Jatinder&last_name=Thind&password=secret&email=me%40abc.com” which is properly url encoded.
$data = array();
$data['first_name'] = 'Jatinder';
$data['last_name'] = 'Thind';
$data['password'] = 'secret';
$data['email'] = 'me@abc.com';
?>
2. Connect to the remote URL
$post_str = '';
foreach($data as $key=>$val) {
$post_str .= $key.'='.urlencode($val).'&';
}
$post_str = substr($post_str, 0, -1);
?>
This is the page where you will be sending in your data. In my case, instead of a public domain address, I used a local IP address. It would still be accessible since PHP is a server side language which executes the code on the server (which is also in the same local network)
$ch = curl_init();3. Post (submit) the data
curl_setopt($ch, CURLOPT_URL, 'http://example.com/form-handler.php' );
?>
The first half is telling cURL that a POST method will be invoked. cURL handles a multitude of methods including support for proxies, GET, POST, HTTPS and all that sugary stuff. The code below tells cURL to send the $post_str we made earlier to the URL in step 2.
curl_setopt($ch, CURLOPT_POST, TRUE);
?>
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_str);4. Fetch response and display it to the user
?>
The last part waits for the output from the other end and displays it, hence the echo $result. This will output whatever is displayed on the other end as if you are browsing through the page. In my case, I coded the output on the Windows end to be as simple as possible: throwing a text saying that the command issued was successful or there was an error. Upon getting the output from the Windows end, I display it to the Ubuntu side by processing the $result. Use your imagination, feel free to use string manipulation functions to make the output compliant with the look and feel of your page.
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);For more information about cURL, visit the ever helpful PHP API
$result = curl_exec($ch);
curl_close($ch);
echo $result;
?>
Comments
Post a Comment