Re: active directory and PHP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Alain,

PlexSSO is by far the best and easiest solution available for PHP SSO
with Active Directory. We provide:

  o Windows Integerated Authentication (WIA)
  o Script level access to user info like username, home drive, etc.
  o Script level access control using windows group names

Someone else mentioned LDAP but I don't know why because it doesn't
provide authentication [1]. For authorization LDAP doesn't automatically
perform proper group expansion and is redundant to start with since the
Kerberos ticket has the fully expanded groups in it already.

Our authorization code very easy to use. An access check looks like:

  <?php
      if (plexsso_is_memberof("FOONET\\Managers")) {
          echo "You're a manager.";
      }
  ?>

None of the mod_authz_* Apache modules can do this. These checks are
also very fast. Once the SIDs for the groups used in your scripts are
cached they're instantaneous.

Check us out. It's very affordable (free for 25 users and 25 groups),
we're adding major features in our next release, and we bring serious
SSO experience to the table.

   http://www.ioplex.com/

Mike

[1] You could proxy the user's username and password to ldap_sasl_bind but
aside from being a hack it's not SSO and doesn't scale because it requires
communication with the DC whereas Kerberos does not. And it's insecure
because you have to cache the users "credentials" in the user's session.

-- 
Michael B Allen
PHP Active Directory SSO
http://www.ioplex.com/

On Thu, 17 Aug 2006 12:14:18 +0200
"Alain Roger" <raf.news@xxxxxxxxx> wrote:

> Hi,
> 
> I'm new to PHP, so sorry if my question looks like stupid.
> 
> I have a web application which use authorization and authentication process
> to log-in.
> I would like to know if it exists a way to synchronize the authentication
> with our Active Directory domain ?
> Something like a single side-on.
> 
> In fact, i want from my web application users to make them remember only
> their login/pwd from Active directory to use my application.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux