[nycphp-talk] Question Re: Intranet PHP central authentication???
csnyder
chsnyder at gmail.com
Mon Oct 16 14:13:13 EDT 2006
On 10/16/06, R. Mariotti <r.mariotti at fdcx.net> wrote:
> Therefore I was wondering what other firms are doing to address this out
> there? Immediately I can come up with a multitude of ways, but what is
> the norm? What is the standard? what is scalable and trasportable?
My workplace is primarily a Windows shop (on the workstation side of
things), so LDAP was a natural solution as we already use Active
Directory to manage user accounts. Active Directory is Microsoft's
implementation of LDAP.
Here's the code I use (as part of an authenticate( $username,
$password ) method):
if ( $ad = ldap_connect( 'ldap://'.$ldap_host.'/' ) ) {
$adusername = $ldap_domain.'\\'.$username;
if ( @ldap_bind($ad, $username, $password) ) {
ldap_unbind( $ad );
$this->log( "User $username authenticated via LDAP." );
return TRUE;
}
}
return FALSE;
That's ActiveDirectory specific (note the DOMAIN\USERNAME syntax) but
you'd do essentially the same thing with any other LDAP.
If you're building your own from scratch, the biggest hurdle seems to
be finding or creating a good interface for user/group administration.
Authentication is the easy part!
--
Chris Snyder
http://chxo.com/
More information about the talk
mailing list