Active Directory authentication with PHP?
Posted: Thu Jan 29, 2004 10:27 pm
Hello everyone, I've got some questions that I'm hoping someone here can help me out with.
As we continue to develop more PHP applications it's becoming increasingly problematic to use "separate" authentication mechanisms for each of them (our existing applications use mysql tables of users or flat files). I would like to know if anyone here has any good recomendations for authenticating against our domain (Windows 2000 Active Directory). I would especially like it if the authentication mechanism would allow us to make use of the security groups in the domain (so only members of a particular group would have access) however that is not essential.
I've looked into LDAP authentication some and think I could get it to work eventually (although it's certainly not as easy as mysql or text file based methods) although to help speed things along I was hoping someone would know of a free script or be willing to share their code with me to speed the process up. I've found a couple of partial LDAP scripts but nothing more than general examples and the code snippits that I did try to use werent working right; my guess would be because they are designed for OpenLDAP or another form of LDAP server and dont function quite right with AD however I'm not sure and didnt put the time into trying to figure out which the case is.
LDAP isnt the only option however, I imagine a POP3, FTP, IMAP or other service based authentication would suit our needs.
I would appreciate any ideas, suggestions or thoughts on this. Especially if any of you have done this before and are willing to share your code.
Thanks!
-Erik
As we continue to develop more PHP applications it's becoming increasingly problematic to use "separate" authentication mechanisms for each of them (our existing applications use mysql tables of users or flat files). I would like to know if anyone here has any good recomendations for authenticating against our domain (Windows 2000 Active Directory). I would especially like it if the authentication mechanism would allow us to make use of the security groups in the domain (so only members of a particular group would have access) however that is not essential.
I've looked into LDAP authentication some and think I could get it to work eventually (although it's certainly not as easy as mysql or text file based methods) although to help speed things along I was hoping someone would know of a free script or be willing to share their code with me to speed the process up. I've found a couple of partial LDAP scripts but nothing more than general examples and the code snippits that I did try to use werent working right; my guess would be because they are designed for OpenLDAP or another form of LDAP server and dont function quite right with AD however I'm not sure and didnt put the time into trying to figure out which the case is.
LDAP isnt the only option however, I imagine a POP3, FTP, IMAP or other service based authentication would suit our needs.
I would appreciate any ideas, suggestions or thoughts on this. Especially if any of you have done this before and are willing to share your code.
Thanks!
-Erik