Using Active Directory to authenticate users on intranet site

醉梦人生 2021-01-30 02:01

I have an 'intranet' site that I have built, which has a login system of its own (users register as new users, and use the username/password thereon to login to the site). How

2 Answers
  •  無奈伤痛
    2021-01-30 02:28

    If you are looking only for authentication and nothing else, you may get away with only a few lines of code.

    First, ensure you have LDAP enabled in your PHP.

    Here's a pure PHP implementation:
    (note that when doing it this way you should ensure that you DO HAVE a username and a password from a user - anonymous binding will almost always return true for AD)

    $link = ldap_connect('domain.com'); // Your domain or domain server
    
    if(! $link) {
        // Could not connect to server - handle error appropriately
    }
    
    ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, 3); // Recommended for AD
    
    // Now try to authenticate with credentials provided by user
    if (! ldap_bind($link, 'username@domain.com', 'SomeSecret')) {
        // Invalid credentials! Handle error appropriately
    }
    // Bind was successful - continue
    

    If you expect to do more fun stuff with Active Directory, like pulling some information about the currently logged-in user, I strongly recommend using a framework to do the heavy lifting for you. As already mentioned, adLDAP is a good one, and if you run PHP 5.4 I dare recommend the AD-X library, which I actively develop (you can install it via Composer).

    With the AD-X library, you can verify a user's credentials using this code:

    try {
        $link = new ADX\Core\Link('domain.com'); // Establish connection to AD
        $link->bind('username@domain.com', 'SomeSecret'); // Authenticate user
    }
    catch (ADX\Core\ServerUnreachableException $e) {
        // Unable to connect to server, handle error
    }
    catch (ADX\Core\InvalidCredentialsException $e) {
        // Invalid credentials supplied
    }
    catch (Exception $e) {
        // Something else happened, check the exception and handle appropriately
    }
    
    // Successfully authenticated if no exception has been thrown
    

    Feel free to choose which suits you best. However, if you expect to do more than authenticate, I strongly suggest you use a library for the LDAP work - it will save you a lot of time and possibly frustration when things do not work as you would expect them to.

    Also, if in doubt about what information you can/should use to connect and to authenticate, feel free to check my previous answer on this topic.
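
The empty-credentials caveat from the answer above, as an added example that is not part of the original answer or of either library it mentions: a wrapper around `ldap_bind` that refuses empty input, upgrades the connection with StartTLS before the password is sent, and separates bad credentials from server errors. The host name, the UPN suffix, the account-name pattern and the function name `adAuthenticate` are assumptions made for illustration.

```php
<?php
// Added example, not from the original answer. Host, suffix and function
// name are placeholders; adjust them to your own directory.
const AD_URI    = 'ldap://dc.example.com';   // assumed domain controller
const AD_SUFFIX = '@example.com';            // assumed UPN suffix

/**
 * Returns true on a successful authenticated bind, false on bad credentials.
 * Throws RuntimeException when the directory cannot be reached or secured.
 */
function adAuthenticate(string $username, string $password): bool
{
    // An empty password turns a simple bind into an unauthenticated bind,
    // which AD typically accepts, so refuse it before touching the network.
    if ($username === '' || $password === '') {
        return false;
    }
    // Accept only a plain account name (assumed, conservative pattern);
    // the UPN suffix is appended here, never taken from user input.
    if (!preg_match('/^[A-Za-z0-9._-]{1,64}$/', $username)) {
        return false;
    }

    $link = ldap_connect(AD_URI);
    if ($link === false) {
        throw new RuntimeException('Malformed LDAP URI');
    }
    ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($link, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($link, LDAP_OPT_NETWORK_TIMEOUT, 5);

    // Upgrade to TLS so the password does not cross the network in clear.
    if (!@ldap_start_tls($link)) {
        throw new RuntimeException('StartTLS failed: ' . ldap_error($link));
    }

    $ok    = @ldap_bind($link, $username . AD_SUFFIX, $password);
    $errno = ldap_errno($link);
    ldap_unbind($link);

    if ($ok) {
        return true;
    }
    if ($errno === 49) {              // LDAP result code 49: invalidCredentials
        return false;
    }
    throw new RuntimeException("LDAP bind failed with error $errno");
}
```

StartTLS only protects the bind if the PHP host trusts the domain controller's certificate, so the issuing CA has to be configured in the system's LDAP client settings.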
