LDAP/ActiveDirectory authentication (SSO)

alex.barylski

Post by alex.barylski

Curious as to how NTLM-SSO, Windows and ActiveDirectory all fit together and play nicely. I may need to authenticate users of my PHP application, running under Debian, against a Windows ActiveDirectory. It's a shop management system (work orders, etc.), so everyone, I assume, has a Windows account, which I hope is centralized on an AD somewhere. Instead of having users authenticate twice (once with Windows and once with the PHP app), I would prefer to have NTLM (or whatever) basically send the credentials of the user account to my PHP application, which would then authenticate the user against the same AD.

Ideally, I am hoping it's possible that once someone logs in at their Windows terminal and attempts to access the Internet-Intranet URI, they will be prompted by HTTP authentication and, even better, automatically be signed into the PHP application using the same credentials provided at Windows login. Because the PHP app needs to be accessed via the Internet as well, I would still need those credentials passed to the auth script in order to authenticate external users.

What I'm thinking is hopefully Windows caches the credentials of logged-in users and can somehow send those details to my PHP application using HTTP authentication or similar...

I have never done anything like this before, so if anyone can offer any details or explanations that would be awesome. Obviously I am missing tons of specifics, so any help is appreciated :)

Cheers,
Alex