From: Arjen v. B. <boc...@fe...> - 2010-05-22 14:02:55
I would like to propose an enhancement for phpESP so that the ldap authentication can be used for sites that use Active Directory and don't want to add an extra user.

The problem is that in the current setup, there are two binds taking place:
- first bind is anonymous or authenticated with a fixed username/passwd
- second bind is done with the user credentials

For Active Directory (and other ldap implementations that don't allow anonymous binds) the first bind has to be authenticated. So in the current setup you have to specify the dn and password needed for this bind in the config file. Instead of this I would like this first bind to use the user credentials, so no additional setup is needed on the ldap server side.

In order to have this work, in the config you could have something like:

    $ESPCONFIG['ldap_bind_dn'] = 'uid=%s, dc=example, dc=com';

and in the auth functions you could use sprintf for substitution:

    $bind_dn = sprintf($GLOBALS['ESPCONFIG']['ldap_bind_dn'], $username);
    $search_bind = @ldap_bind($ds, $bind_dn, $GLOBALS['ESPCONFIG']['ldap_bind_password']);

I think it will take only a minor code change to make this work. Please comment on my proposal.

grz
Arjen
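The DN-template bind proposed above takes the login name straight into the bind DN, so two checks matter before calling ldap_bind: escaping the name as a DN value and refusing an empty password. The following is an added example, not phpESP code and not from the original post; the function names esp_build_bind_dn and esp_ldap_user_bind are hypothetical, and it assumes PHP 5.6 or later with the ldap extension and that the user's own password is used for the bind.

```php
<?php
// Added example, not phpESP code. Function names are hypothetical.

/**
 * Substitute the login name into the DN template from the config,
 * escaping it as a DN attribute value (RFC 4514) first.
 */
function esp_build_bind_dn($template, $username)
{
    // ldap_escape() needs PHP >= 5.6 with the ldap extension loaded.
    // Characters such as ',', '=', '+' become \XX so the name cannot
    // add or change RDN components in the template.
    $escaped = ldap_escape($username, '', LDAP_ESCAPE_DN);

    // The escaped name is a sprintf() argument, never the format string,
    // so a '%' typed by the user is not interpreted.
    return sprintf($template, $escaped);
}

/**
 * Bind as the user. Returns true only for an authenticated bind.
 */
function esp_ldap_user_bind($ds, $username, $password)
{
    // A simple bind with a DN and an empty password is an
    // "unauthenticated bind" (RFC 4513, section 5.1.2); some servers
    // answer it with success, so it must never count as a login.
    if ($username === '' || $password === '') {
        return false;
    }

    $bind_dn = esp_build_bind_dn($GLOBALS['ESPCONFIG']['ldap_bind_dn'], $username);

    return @ldap_bind($ds, $bind_dn, $password);
}

// Constructed sample names; this part needs no LDAP server.
$template = 'uid=%s, dc=example, dc=com';
foreach (array('arjen', 'x, dc=example, dc=com', 'a+uid=admin', '100%s') as $name) {
    echo esp_build_bind_dn($template, $name), "\n";
}
```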