You cannot authenticate users to active directory in PHP but IIS supports integrated authentication which will. You can then use the ldap functions in PHP to pull data from active directory concerning that authenticated user. You could sort of authenticate them by using the ldap_bind with their entered username and password, but that would not be secure.
Here's some code (note, this is very specific to our use of it):
$uName = explode("\\",$AUTH_USER);
//$AUTH_USER contains the DOMAIN\SAMACCOUNTNAME of user
//when integrated authentication is used.
$uName = $uName[2];
$crit = "samaccountname=$uName";
$info = ldapSearch($crit);
if ($info){
$USER_PHONE = $info[0]['telephonenumber'][0];
$USER_FIRST = $info[0]['givenname'][0];
$USER_LAST = $info[0]['sn'][0];
$USER_DEPT = $info[0]['department'][0];
echo "$USER_FIRST $USER_LAST is currently authenticated. Call them at $USER_PHONE.";
}
else
echo "Didn't find the currently authenticated user.";
//This function searches the users directory, to traverse more trees this needs modification.
function ldapSearch($criteria,$dir){
$ds=ldap_connect("ldapserverdnsname"); // must be a valid LDAP server!
$dn = "cn=Valid User Real Name, ou=Some OU, dc=yourcom, dc=com";
$password = "password for above user";
$criteria = str_replace("(","\(",$criteria);
$criteria = str_replace(")","\)",$criteria);
if (strlen($dir) < 1)
$dir = "cn=users, dc=yourcom, dc=com";
if ($ds) {
$r=ldap_bind($ds,$dn,$password);
$sr=ldap_search($ds,$dir, $criteria);
$info = ldap_get_entries($ds, $sr);
}
//done looking...
ldap_close($ds);
return $info;
}
else
return false;
}
-----Original Message-----
From: Bryan Wood [mailto:bwood@ci.rowlett.tx.us]
Sent: Tuesday, April 15, 2003 12:38 PM
To: Ryan Jameson (USA)
Subject: RE: authenticating methods...
would you mind telling me how you authenticated the users with active directory using php ?
code would be nice...
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
