Intranet web applications that use the local windows username and password to authenticate using PHP & LDAP
Question
We are trying to modify our intranet web applications, Every individual user to be use their own & only one username and password log-in authentication to log-in to all intranet web applications.
For that we try to use their local windows /linux system username and password .
Once user logged in to their system he/she can able to access all intranet web application directly once he/she browse the web application. He/she no need to log-in each and every time for each and every intranet web application .
I read many articles ( one , two , three , four and so ..) but I could not understand how am I get local windows/linux system username and password those who logged in to that system by using PHP ,at least username alone is more enough.
I tried <?php echo getenv("username"); ?> <?php echo getenv("username"); ?> this but its shows blank.
Please give me a solution .Please don't reject this question .
Thanks in advance for your answers and comments.
2 answers
solution1
2 2013-04-05 10:37:37
Short Answer : You can't get the local users machine-loginname on the server side. It would be a security-flaw!
Long Answer : You can use PHP to query your companies LDAP whether a username and a passwort given in a loginform match and use that information to authenticate that user for a given service. Thats a one password for everything -policy.
But as far as I understand you, you want a SingleSignOn -Policy (SSO) so that the user sitting at it's client doesn't even need to provide her credentials when accessing a website. This can only be achieved using a different toolchain that handles 'tickets' and such things. Such a Toolchain would be Kerberos which is used by Microsofts ActiveDirectory or Apples OpenDirectory. This toolchain can use LDAP as backend to store it's passwords.
But using Kerberos is everything else than easy. The WebServer providing your intranet-services has to be kerberized so that it can handle tickets it gets from the kerberos-server.
You should look into that diretion. Try Kerberos or SSO as search-strings in your favourite search-engine.
solution2
0 2013-04-04 13:04:18
You must authenticate with LDAP in your PHP.
Steps:
1) Make a login form 2) Receive the input and compare with your database (through ldap). 3) If its OK, start a session with PHP, save a Cookie. 4) use session_start() in all your sites, so you can get the session info.
Cookies can only be used by sites that created it, so you should have your intranet in the same domain or save this info in a database.
PHP will not get your system variables like you posted, PHP is not integrated in any OS, it's like any programming language, you build what you want.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.