?
Solved

using PHP to Authenticate against Active Directory

Posted on 2011-09-14
4
Medium Priority
?
306 Views
Last Modified: 2012-05-12
Is there a way to Authenticate users using a remote Active Directory.   PHP is installed on our servers (Unix) and we don't have a LDAP server.  Active Directory is on a remote server and of course they are using Windows OS.

Can I authenticate to a remote Active Directory without having a LDAP server installed on my end.

If it can be done, please point me to the right direction/example...
0
Comment
Question by:melvint91
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 6

Assisted Solution

by:yjchong514
yjchong514 earned 450 total points
ID: 36535930
Importing a whole library seems inefficient when all you need is essentially two lines of code...

$ldap = ldap_connect("ldap.example.com")
if($bind = ldap_bind($ldap, $_POST['username'], $_POST['password'])) {  
 // log them in!
} else {  
// error message
}  
0
 
LVL 11

Accepted Solution

by:
Amar Bardoliwala earned 600 total points
ID: 36537191
0
 
LVL 7

Assisted Solution

by:boon86
boon86 earned 450 total points
ID: 36537206
Hi,

check this: http://adldap.sourceforge.net/

adLDAP is a PHP class that provides LDAP authentication and integration with Active Directory.

Intelligent Active Directory integration with PHP was a holy grail for most intranet developers for a long time. This project is really to help others with getting over the same hurdles that we've experienced in getting the whole LDAP SSL Active Directory puzzle working natively on Linux.

Given the varied nature of organisations and sites, adLDAP may not be _your_ complete solution, but it should be a very sound starting point. LDAP isn't overly friendly on first glance, and it's a steep learning curve made alot worse when coupled with Microsoft's seemingly unending army of gotcha's.

The information you can retrieve from Active Directory is as useful as you make it. If you don't fill out all their account information there's not really going to be much to query.

Documentation goes here: http://adldap.sourceforge.net/wiki/doku.php?id=documentation
download goes here: http://adldap.sourceforge.net/download.php

hope it help and suite your need.

Good luck
0
 

Author Closing Comment

by:melvint91
ID: 36812670
I had to still do alot of research from the information provided
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article discusses how to implement server side field validation and display customized error messages to the client.
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question