Basic steps will be to open a connection to the LDAP server, this is done with ldap_connect(), this does not require authentication. Next you will bind to the LDAP directory, this step is when you will check the information your user provided. Use the ldap_bind() function, this will return true if the credentials provided by your user are valid and false if they are not. Please note that on the username at lease when I worked with this (Windows Active Directory) did require the name of the domain in front of the username (i.e domainName\userName). If you want to go further and make sure the user is a member of a group that is allowed to access the application you can search for the user object using ldap_search() and ldap_get_entries() and check the memberof attribute for the group. If all of the tests pass do what you would do during any other authentication method, set session and or cookie variables maybe update a database or log. Make sure the if the LDAP bind was successful you call the ldap_unbind() function after you have collected your user information from the directory.
