
How to authenticate with LDAP using PHP

I'm using Mr. Sam J Levy's PHP LDAP authentication script. I'm not familiar with Microsoft Active Directory at all, so I'm not sure what I have to put in for $ldap_user_group = "WebUsers"; and $ldap_manager_group = "WebManagers";. In my company's AD, the users' accounts are divided under different departments and locations. I understand the rest of the script; I'm just not sure how I am supposed to get to the WebUsers and WebManagers. Any help is appreciated.

This is the full script:

<?php
// Initialize session
session_start();

function authenticate($user, $password) {
    if(empty($user) || empty($password)) return false;

    // Active Directory server
    $ldap_host = "192.158.16.73";

    // Active Directory DN OU=Accounts,DC=DMM,DC=JED,DC=RUH
    $ldap_dn = "CN=Some Name,OU=IT,OU=Office Users,OU=RUH,OU=Accounts,DC=Company,DC=com";

    // Active Directory user group
    $ldap_user_group = "WebUsers";

    // Active Directory manager group
    $ldap_manager_group = "WebManagers";

    // Domain, for purposes of constructing $user Company.com
    $ldap_usr_dom = '@Company.com';

    // connect to active directory
    $ldap = ldap_connect($ldap_host);
    if(!$ldap) return false;

    // Active Directory expects LDAPv3; do not chase referrals during the search
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

    // no access until a group match is found
    $access = 0;

    // verify user and password
    if($bind = @ldap_bind($ldap, $user.$ldap_usr_dom, $password)) {
        // valid
        // check presence in groups
        // escape the user name so it cannot change the meaning of the search filter
        $filter = "(sAMAccountName=".ldap_escape($user, "", LDAP_ESCAPE_FILTER).")";
        $attr = array("memberof");
        $result = ldap_search($ldap, $ldap_dn, $filter, $attr) or exit("Unable to search LDAP server");
        $entries = ldap_get_entries($ldap, $result);
        ldap_unbind($ldap);

        // check groups (no entry or no memberof attribute means no rights)
        $groups = isset($entries[0]['memberof']) ? $entries[0]['memberof'] : array();
        unset($groups['count']); // ldap_get_entries adds a 'count' element that is not a group
        foreach($groups as $grps) {
            // is manager, break loop
            if(strpos($grps, $ldap_manager_group) !== false) { $access = 2; break; }

            // is user
            if(strpos($grps, $ldap_user_group) !== false) $access = 1;
        }

        if($access != 0) {
            // establish session variables
            $_SESSION['user'] = $user;
            $_SESSION['access'] = $access;
            return true;
        } else {
            // user has no rights
            return false;
        }

    } else {
        // invalid name or password
        return false;
    }
}
?>

He is using those 2 variables in a check against the $entries that come back from ldap_get_entries. He is trying to determine if the user is a "manager" or a "user"... this part may be specific to his enterprise, and you might be able to get by without going this far. Just comment those variables out, and also comment out the section after // check groups.

You can then examine $entries to see what it looks like for your enterprise and go from there.
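One way to examine $entries as suggested above (an added example, not part of the original post or of the script): it lists the group names found in memberof and maps them to the script's two access levels by exact CN match instead of a substring test. The sample array, the OU=Groups container and the function names group_names and access_level are constructed for illustration.

```php
<?php
// Return the CN of every group DN in the first entry's memberof attribute.
function group_names(array $entries): array {
    if (($entries['count'] ?? 0) < 1 || !isset($entries[0]['memberof'])) {
        return [];               // no such user, or the user is in no groups
    }
    $groups = $entries[0]['memberof'];
    unset($groups['count']);     // ldap_get_entries() adds a 'count' element
    $names = [];
    foreach ($groups as $dn) {
        // First RDN of the DN; a comma inside the name is escaped as "\,"
        if (preg_match('/^CN=((?:\\\\.|[^,\\\\])+)/i', $dn, $m)) {
            $names[] = $m[1];
        }
    }
    return $names;
}

// 2 = manager, 1 = user, 0 = no rights (the levels the script uses).
function access_level(array $entries, string $userGroup, string $managerGroup): int {
    $names = array_map('strtolower', group_names($entries));
    if (in_array(strtolower($managerGroup), $names, true)) return 2;
    if (in_array(strtolower($userGroup), $names, true)) return 1;
    return 0;
}

// Constructed sample, shaped like ldap_get_entries() output for one user.
$entries = [
    'count' => 1,
    0 => [
        'memberof' => [
            'count' => 2,
            0 => 'CN=WebUsers,OU=Groups,DC=Company,DC=com',
            // contains "WebManagers" as a substring but is a different group
            1 => 'CN=NotWebManagers,OU=Groups,DC=Company,DC=com',
        ],
        0 => 'memberof',
        'count' => 1,
        'dn' => 'CN=Some Name,OU=IT,OU=Office Users,OU=RUH,OU=Accounts,DC=Company,DC=com',
    ],
];

print_r(group_names($entries));                              // group names to pick from
var_dump(access_level($entries, 'WebUsers', 'WebManagers')); // exact match on the CN
```

memberof lists only the groups the account is a direct member of, so nested group membership and the account's primary group do not appear in it.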

The technical posts on this site are licensed under CC BY-SA 4.0. If you reprint, please indicate the site URL or the original address. For any questions, please contact: yoyou2525@163.com.

 