Jump to content


Photo

PHP authentication using LDAP


  • Please log in to reply
7 replies to this topic

#1 brayann36

brayann36

    Newbie

  • New Members
  • Pip
  • 2 posts

Posted 19 November 2013 - 01:39 AM

Hey fellas , 

I was clueless about LDAP AND AD when i was told to create a login page for my web-app and check authentication with AD server . After searching through , i came to know what this LDAP is all about .
i need to get started with it , so i have a email feild and password . All worstations at my workplace have access to that server , as we use it to log on to the system . I need to use the same mechnism in my
login page . 

please Help me , how to get started with it , what all things will be necessary .
This article will be a great help to not only me but to all new PHP developers because somewhere down the line everyone is going to need this . 

P.S. I have the host name and port of the server where all login details are present i need some php class and tweaks in it to access it on hitting the login button .

Thanks .



#2 boompa

boompa

    Advanced Member

  • Members
  • PipPipPip
  • 211 posts
  • LocationMassachusetts

Posted 19 November 2013 - 06:47 PM

A Google search with your thread's title yields quite a few resources.

 

everyone is going to need this

 

Not everyone. A relatively small subset of PHP developers will need to authenticate via LDAP.



#3 Barand

Barand

    Sen . ( ile || sei )

  • Gurus
  • 13,880 posts
  • LocationCheshire, UK

Posted 01 December 2013 - 06:06 AM

I found the ADLDAP class invaluable when dealing with AD

 

http://adldap.sourceforge.net/


|baaGrid| easy data tables - and more
|baaChart| easy line, column and pie charts
|baaSelect| generate js and php code for dynamic linked dropdowns

 


#4 Irate

Irate

    Advanced Member

  • Members
  • PipPipPip
  • 358 posts
  • LocationHamburg, Germany
  • Age:17

Posted 01 December 2013 - 04:04 PM

My school network uses LDAP on a Squid server if I'm not mistaken...

I can ask for some help, I guess?
Quod placet mihi non placeat tibi. - What I think to be good must not always equal your perception of it.

I am not perfect. I try a lot with the code I provide and I don't guarantee for it to work as I have mostly no option to test it on my mobile phone. I do apologize for any inconvenience I caused, but if I do happen to have helped, liking my posts or marking them as to have solved or answered your question would be nice.

#5 Petermichael703

Petermichael703

    Member

  • Members
  • PipPip
  • 21 posts

Posted 05 December 2013 - 10:41 AM

Of course Mr. Irate can ask any question any time anywhere but on related forum



#6 KevinM1

KevinM1

    Snarkimus Prime

  • Moderators
  • 5,149 posts
  • LocationNew Hampshire, USA

Posted 05 December 2013 - 11:41 AM

Please don't play moderator.



#7 Irate

Irate

    Advanced Member

  • Members
  • PipPipPip
  • 358 posts
  • LocationHamburg, Germany
  • Age:17

Posted 05 December 2013 - 03:41 PM

I guess I was being misunderstood...

I could ask my school's sysadmin for help, that's what I meant to say.
Quod placet mihi non placeat tibi. - What I think to be good must not always equal your perception of it.

I am not perfect. I try a lot with the code I provide and I don't guarantee for it to work as I have mostly no option to test it on my mobile phone. I do apologize for any inconvenience I caused, but if I do happen to have helped, liking my posts or marking them as to have solved or answered your question would be nice.

#8 dakota367

dakota367

    Newbie

  • New Members
  • Pip
  • 3 posts

Posted 06 January 2014 - 02:19 AM

Basic steps will be to open a connection to the LDAP server, this is done with ldap_connect(), this does not require authentication. Next you will bind to the LDAP directory, this step is when you will check the information your user provided. Use the ldap_bind() function, this will return true if the credentials provided by your user are valid and false if they are not. Please note that on the username at lease when I worked with this (Windows Active Directory) did require the name of the domain in front of the username (i.e domainName\userName). If you want to go further and make sure the user is a member of a group that is allowed to access the application you can search for the user object using ldap_search() and ldap_get_entries() and check the memberof attribute for the group. If all of the tests pass do what you would do during any other authentication method, set session and or cookie variables maybe update a database or log. Make sure the if the LDAP bind was successful you call the ldap_unbind() function after you have collected your user information from the directory.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Cheap Linux VPS from $5
SSD Storage, 30 day Guarantee
1 TB of BW, 100% Network Uptime

AlphaBit.com