Re: Authentification and LDAP (SSO / Single Sign-On)

On Tuesday 07 November 2006 12:37, you wrote:
> So how can I implement a SSO via PHP only?

To use LDAP from within PHP you need to have a version of PHP with LDAP 
support available.  Check the PHP online docs for how to do this.

Assuming you know how to use PHP to create a standard looking login box then 
what you then need to do to check a username and password is to attempt 
to "bind" to the LDAP server using these credentials.  If this fails, 
something is wrong with the credentials and you can decide how to handle it 
in your code. 

The main thing you'll need to know is how to construct the "dn" from just the 
username.  If you know about the LDAP directory you want to use then you'll 
probably know how to do this.  If not, talk with your directory admin.

The code you would write would be along these lines, assuming you've just 
collected $username and $password from the login box...

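// Escape the username so it cannot change the structure of the DN
$dn = "uid=" . ldap_escape($username, "", LDAP_ESCAPE_DN) . ",ou=Accounts,o=Your Company,c=US";
$ds = ldap_connect("your.ldap.server");
// Reject an empty password: many servers treat it as an anonymous bind that succeeds
$r = ($password !== "") && ldap_bind($ds, $dn, $password);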

If ldap_bind() succeeds you have an authenticated user.

There are sometimes a few extra things you may need to do, depending on your 
directory server setup.  For example, you may need to explicitly set the LDAP 
protocol to use, or you may need to first do an "anonymous bind" to the 
directory and run a query to get the correct dn for the user if you can't 
construct the dn as in the above example.  There are lots of code snippets in 
the online PHP docs that cover these things.

HTH

- Nick

-----------------------------------------
This e mail and any attachments are confidential and intended for
the named recipient only. The content may contain privileged
information. If it has reached you by mistake, you should not copy,
distribute or show the content to anyone but should contact Powys
County Council at once.

Any content that is not pertinent to Powys County Council business
is personal to the author, and is not necessarily the view of the
Council.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
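
Added example (not part of the message above and not code from the PHP docs): the "anonymous bind, query for the dn, then bind as the user" variant the message mentions, with the LDAP protocol version set explicitly, the username escaped for the search filter and empty passwords rejected. The server URI, base DN, the uid attribute, StartTLS support and the function names user_filter() and ldap_authenticate() are assumptions.

```php
<?php
// Added example. LDAP_URI, LDAP_BASE and the uid attribute are assumed placeholders.
const LDAP_URI  = 'ldap://your.ldap.server';
const LDAP_BASE = 'ou=Accounts,o=Your Company,c=US';

// Build the search filter; ldap_escape() neutralises *, (, ), \ and NUL in the username.
function user_filter(string $username): string
{
    return '(uid=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';
}

// Returns the user's DN when the credentials are valid, null otherwise.
function ldap_authenticate(string $username, string $password): ?string
{
    // An empty password turns a simple bind into an anonymous bind on many servers,
    // and that bind reports success, so refuse it before talking to the directory.
    if ($username === '' || $password === '') {
        return null;
    }
    $ds = ldap_connect(LDAP_URI);
    if ($ds === false) {
        return null;
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    $dn = null;
    // StartTLS (assumed to be offered by the server) before any password is sent,
    // then an anonymous bind to look up the user's entry.
    if (@ldap_start_tls($ds) && @ldap_bind($ds)) {
        // Size limit 2 is enough to tell "exactly one match" from "ambiguous".
        $sr = @ldap_search($ds, LDAP_BASE, user_filter($username), ['dn'], 0, 2);
        $entries = $sr ? ldap_get_entries($ds, $sr) : false;
        // Only a single matching entry is accepted; then bind as that entry.
        if ($entries && $entries['count'] === 1
            && @ldap_bind($ds, $entries[0]['dn'], $password)) {
            $dn = $entries[0]['dn'];
        }
    }
    ldap_unbind($ds);
    return $dn;
}

// Constructed inputs; these three calls need no directory server.
var_dump(user_filter('alice'));
var_dump(user_filter('a*(b)'));            // filter metacharacters come back escaped
var_dump(ldap_authenticate('alice', ''));  // empty password is refused locally
```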