I was wondering whether the database could authenticate
against the user who is already logged in to Windows AD,
so that no separate sign-on is required?
Our users complain that they have to remember too many
username/passwords (only 2... sigh) and this would make
it TONS easier for us to implement your helpdesk.
Logged In: NO
Try downloading the CVS version of authentication.php and make the following changes to the ldap_authenticate function so that it authenticates against AD. I also have a modified sitesandusers.php that imports users from AD.
Cheers
Dax
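/**
 * Authenticate a helpdesk user against Active Directory over LDAP.
 *
 * Flow: load the preferences table, bind as a lookup account (or
 * anonymously when no lookup user is set), search for the user's entry by
 * sAMAccountName, then re-bind as that entry's DN with the supplied
 * password. The second bind is the actual credential check.
 *
 * @param string $ldapuser     Login name typed by the user (untrusted input).
 * @param string $ldappassword Password typed by the user (untrusted input).
 * @return array|null The directory entry of the authenticated user, or NULL
 *                    when LDAP authentication is disabled, the user is
 *                    'root', the credentials are rejected, or the account
 *                    cannot be resolved to exactly one entry.
 *
 * Calls die() when the server cannot be reached, the protocol version
 * cannot be set, the lookup bind fails, or the search fails.
 */
function ldap_authenticate($ldapuser, $ldappassword) {
    // Placeholder lookup (service) account from the original post. Real
    // credentials should not live in source control; use a dedicated
    // read-only directory account and load it from protected configuration.
    $ldap_lookup_user = 'search';
    $ldap_lookup_password = 'bindpassword';

    $sql = "SELECT * FROM tbl_Default_Preferences";
    $pref_rows = db_recordset($sql);
    $default_prefs = array();
    foreach ($pref_rows as $pref) {
        $default_prefs[$pref['identifier']] = $pref['value'];
    }

    // LDAP is skipped when disabled in the preferences and for the local
    // 'root' account.
    if ($default_prefs['ldap-ause'] != 'true' || strtolower($ldapuser) == 'root') {
        return NULL;
    }

    // A simple bind with a DN and an empty password is an *unauthenticated*
    // bind, which many directory servers accept as success. Without this
    // guard, any known account name plus a blank password would log in.
    // NUL bytes are rejected as well because C-string based client
    // libraries may truncate the password at the first NUL.
    if ($ldappassword === NULL
        || (string) $ldappassword === ''
        || strpos((string) $ldappassword, "\0") !== false) {
        return NULL;
    }

    // NOTE(review): nothing here enables TLS, so the lookup password and the
    // user's password cross the network in clear text unless 'ldap-host' is
    // an ldaps:// URI. Confirm the deployment uses ldaps://, or call
    // ldap_start_tls($ds) after selecting LDAPv3.
    $ds = ldap_connect($default_prefs['ldap-host']) or die("Could not connect to LDAP server.");

    $protocol_version = ($default_prefs['ldap-v2'] == 'true') ? 2 : 3;
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $protocol_version) or die("Could not set LDAP Protocol Version.");

    // Dax ->
    // Login as lookup user (or anonymous)
    if ($ldap_lookup_user != '') {
        if (!($bind = ldap_bind($ds, $ldap_lookup_user, $ldap_lookup_password))) {
            die("Unable to bind to server " .
                "(invalid lookup username/password?)");
        }
    } else {
        if (!($bind = ldap_bind($ds))) {
            die("Unable to bind to server (Anonymous access not allowed?)");
        }
    }
    // Dax End
    // The previous unconditional anonymous ldap_bind() stays disabled:
    // re-binding anonymously here would replace the lookup-account bind
    // made just above.

    // Escape LDAP filter metacharacters (RFC 4515) so the login name cannot
    // alter the search filter, e.g. "*" or ")(..." matching other entries.
    // strtr() with an array replaces in a single pass, so the backslashes it
    // inserts are not escaped again.
    $safe_user = strtr(strtolower($ldapuser), array(
        '\\' => '\\5c',
        '*'  => '\\2a',
        '('  => '\\28',
        ')'  => '\\29',
        "\0" => '\\00',
    ));
    $filter = '(&(objectClass=user)(sAMAccountName=' . $safe_user . '))';

    $r = ldap_search($ds, $default_prefs['ldap-basedn'], $filter) or die("Could not search LDAP Server for name.");

    $entries = @ldap_get_entries($ds, $r);

    // Fail closed unless the name resolves to exactly one entry; checking
    // 'count' also avoids reading an undefined index 0 on an empty result.
    if (is_array($entries) && isset($entries['count']) && $entries['count'] == 1) {
        // Credential check: bind as the user's own DN. '@' keeps the
        // warning PHP raises for a wrong password off the page.
        if (@ldap_bind($ds, $entries[0]['dn'], $ldappassword)) {
            ldap_close($ds);
            return $entries[0];
        }
    }

    ldap_close($ds);
    return NULL;
}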