Hi,
Apache authentification against kerberbors works like a charm.
What I want to do is ldap queries as the user that is authenticated.
That shoud be possible using ldap_sasl_bind and GSSAPI.
Did anyone achieve that?
Thanks,
Mike
On 2019-10-24 19:11, Balbuena, Josue wrote:
Hello
As far as I know, there is no support for that, if you are using
Apache you can delegate the authentication to it:
* Add the LDAP and Kerberos modules to Apache and configure them.
* Set an env variable so PHP can have access to the authenticated user.
Maybe this example can help you:
https://danieljamesscott.org/all-articles/10-articles/configuration-guides/9-apache-kerberos-and-ldap-integration.html
-----Original Message-----
From: michael@xxxxxxxxxxxxx <michael@xxxxxxxxxxxxx>
Sent: jueves, 24 de octubre de 2019 07:55 a. m.
To: php-general@xxxxxxxxxxxxx
Subject: LDAP SASL GSSAPI
Hi!
I want to bind to ldap using a kerberos ticket.
Here is my code:
putenv( 'KRB5CCNAME=' . $_SERVER['KRB5CCNAME'] );
$ldapConnection = ldap_connect( 'ldap://dc.contoso.com' );
$bind = ldap_sasl_bind( $ldapConnection, NULL, NULL, 'GSSAPI' );
var_dump( error_get_last( ) );
I get a "ldap_sasl_bind(): Unable to bind to server: Not Supported"
Error.
ldap_search using SASL on the Command Line (ldapsearch
-Hldap://dc.constoso.com -bdc=dc,dc=contoso,dc=com
samaccountname=user1)
works fine.
Do you guys have any pointers on how to get that working?
Thanks, Mike
