Well, it turns out that, yeah, from a PHP perspective, it is. It is actually pretty easy, once you are comfortable with working with an LDAP structure.
So, here are the basics of it. I have a simple page that does nothing but print out the result of a simple authentication against an AD server:
<html>
<body>
<h1>AD Test</h1>
<?php
// Variables to use with ldap_bind
$ldapuser   = 'username@some.domain.com'; // ldap username with suffix
$ldappasswd = 'notmyrealpw';              // associated password

// connect to AD server
$adconn = ldap_connect("ad_controler.myco.com")
    or die("Could not connect to LDAP server.");

// if a connection was made attempt a binding
if ($adconn) {
    // bind to ldap, using the connection and credentials defined above
    $ldapbind = ldap_bind($adconn, $ldapuser, $ldappasswd);

    // Check authentication
    if ($ldapbind) {
        echo "User is authenticated.";
    } else {
        echo "User was not authenticated.";
    }

    // unbind the connection
    ldap_unbind($adconn);
}
?>
</body>
</html>

Basically, you have your username, for example avgwebgeek. Then you have a suffix, which is the account suffix for your domain, for example "@myco.com". Put them together (along with a password) and you have your AD authentication information. Of course, the username and password would be sent through request parameters.

Granted, this is a pretty simplistic view of AD authentication. You can do a whole lot more, like searching and updating AD information. I learned all about it by looking through the adLDAP Project.

The hard part was realizing that I didn't have PHP enabled on my server. Hint: if you get a message like "Call to undefined function: ldap_connect() ", that means that your LDAP isn't enabled for PHP. The adLDAP page has a FAQ that explains that as well.
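Once the username and password come from request parameters, the bind needs a few guards. The following is an added example, not code from the original post or from adLDAP: it rejects empty passwords (which would otherwise turn the bind into an unauthenticated bind that the server can accept), restricts the account name, and connects over LDAPS. The function name `ad_authenticate()`, the form field names, the username pattern and the assumption that the server offers LDAPS are all hypothetical; host and suffix are the post's placeholder values.

```php
<?php
// Added example: hardened version of the bind check above.
// Host and suffix are the placeholder values used in the post.
const AD_URI    = 'ldaps://ad_controler.myco.com'; // LDAPS: password is not sent in clear text
const AD_SUFFIX = '@myco.com';

// Hypothetical helper: true only if the account/password pair binds successfully.
function ad_authenticate(string $username, string $password): bool
{
    // An empty password makes ldap_bind() perform an unauthenticated bind,
    // which can succeed and would "authenticate" any username.
    if ($username === '' || $password === '') {
        return false;
    }
    // Assumed policy: plain account names only, so callers cannot
    // supply their own suffix, a DN, or control characters.
    if (!preg_match('/^[A-Za-z0-9._-]{1,64}$/', $username)) {
        return false;
    }

    $conn = ldap_connect(AD_URI);
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 5);

    // @ suppresses the PHP warning on bad credentials; the return value decides.
    $ok = @ldap_bind($conn, $username . AD_SUFFIX, $password);
    ldap_unbind($conn);
    return $ok;
}

// Credentials arrive as POST parameters (assumed field names), never in the URL.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $user = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
    $pass = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';
    echo ad_authenticate($user, $pass)
        ? 'User is authenticated.'
        : 'User was not authenticated.';
}
```

The same failure message is returned for every rejection path, so the response does not reveal whether the account name exists.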