Is there a SIMPLE Active Directory PHP interface?

[Moron]

I need php to perform one seemingly simple task: log the user into an information screen using their Windows username and password. Nothing fancy. No AD searches or anything like that.

 

Currently, they log in using their employee number and the last four of their SSN, both of which match database fields. If I can get the AD connection working, then I'll make a new SQL table that contains their Windows username and use that for selection of their info.

 

But everything I find seems to be geared toward some sky-high purpose for which I have no need.

 

[Psycho]

Think about what you are asking. You are wanting a PHP solution to get the user's AD username & password - without actually connecting to the AD server. Can you imagine how big of a security hole that would be if random websites could do that? A web app can't just grab information off the user's computer. I don't know of any way for a PHP app to grap the username and password for the user's AD session.

 

You could have the user enter their AD username/password upon first login and authenticate them against AD as in this tuorial: http://www.davidschultz.org/2008/04/10/how-to-authenticate-against-active-directory-using-php/

 

However, if you want it so users don't have to always log in you could implement additional processes - at the expense of security. And, I'm sure your IT Admin would have a say about this.

 

Here is one possibility:

 

Have the user log in one time using their AD credentials. Upon successful authentication store their username & password in the database (encrypted for at least the password). Then also create a random hash value to be stored int he DB and as a cookie on the user's machine. Upon a subsequent access to the PHP application you would grab their credentials from the DB using the cookie value.

 

Of course if the cookie expires or is deleted the user would have to log in again.

 

Of course this opens a security risk in that anyone with access to that computer could get the value from the cookie and then use it to get logged in to the website as that person.

[Moron]

Think about what you are asking. You are wanting a PHP solution to get the user's AD username & password - without actually connecting to the AD server.

 

Huh? Connecting to the AD server is exactly what I want to do. Maybe I didn't explain it very well.

 

I want to:

 

1. Have the user enter their Windows domain (AD) username and password.

 

2. Upon doing so, their username will be set as a $_POST variable by which their info will be selected from the database.

 

I don't really want the "single sign-on" model at work here; I want the user to actually have to log into the info system, even though they're already logged into Windows.

 

Thanks.

 

[Psycho]

So, look at the link I posted. Seems fairly straitforward to me