I've trying to create website on Win2003 server with IIS6 and PHP 5.
The idea is that a user arrives at the page, gets authenticated by IIS.
Then using adladp, find out if they are a member of a particular Active Directory group allow certain task.
I can get the logged on users username from $_SERVER['LOGON_USER']. But that is not enough for adldap to be query the Active Directory for group memberships. I have to hard code a non-admin username and password into the adldap.php for this to work.
Is there any way adldap can use the credentials of the currently logged on and authenticated user and query the Active Directory for group memberships ?
thanks in advance.
As far as I am aware this is not possible, the apache side is just checking if the user is authenticated before allowing access. You must provide an AD account name and password to obtain further information such as group membership.
Log in to post a comment.
Sign up for the SourceForge newsletter:
You seem to have CSS turned off.
Please don't fill out this field.