Question about website authentication

seanusc

I have a website on an OS X 10.3 server, which requires users of our company to log in and out to access it. Right now, there is a common login and password for everyone to get into the site, but I would love if they could get in using their own domain logins. There are thousands of people here, so it would be tough to manually enter each one. Our domain logins are controlled by Active Directory on a Windows server.

Does anyone know if there is a way to authenticate entry to the website via an Active Directory service? Thanks a lot for your help!

Sincerely,
Sean H.
 
LDAP is new to me, but I wrote this function in PHP which should do the trick. It sends an HTTP authentication request back to the client and repeats it until the client has supplied a valid login pair for the specified server. I haven't tested it, but there's a chance it'll work.

This requires PHP on the server to be compiled with LDAP libraries. I'm not sure if the version shipping with OS X has that, but you could download Marc Liyanage's version from http://www.entropy.ch/software/macosx/php/ .

I can probably assist further if you need more fancy stuff. Email me :)

PHP:
<?php
/*

ldap_auth() - HTTP authentication to LDAP server using PHP
Copyright (C) 2005	Kjetil Valen	http://nn.urbanturban.no <kjetil@urbanturban.no>

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

*/

//	ldap_auth()
//	
//	Usage: Require this file in your script:
//	require('ldapauth.php');
//
//	Call the ldap_auth function before any output.
//
//	boolean ldap_auth ( string hostname[, int port[, string realmName]] )
//

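function ldap_auth($hostname, $port = 389, $realmName = "Please authenticate.") {
	// Credentials the browser sent with this request, if any.
	$user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
	$pass = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';

	// Ask again when nothing was sent or the password is empty. A bind with
	// an empty password is an unauthenticated bind, which the server can
	// report as success without checking any credentials.
	if ( $user === '' || $pass === '' ) {
		header("WWW-Authenticate: Basic realm=\"$realmName\"");
		header('HTTP/1.0 401 Unauthorized');
		exit;
	}

	$connection = ldap_connect( $hostname, $port )
		or die();

	// The bind succeeds only if the directory accepts this login pair.
	// Note: on port 389 the password crosses the network in clear text.
	if ( ! @ldap_bind( $connection, $user, $pass ) ) {
		header("WWW-Authenticate: Basic realm=\"$realmName\"");
		header('HTTP/1.0 401 Unauthorized');
		exit;
	}

	return true;
}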
?>
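
An Active Directory-specific variant of the check above, added here as an example and not part of the original post: it binds over LDAPS with a userPrincipalName built from an allow-listed account name, and refuses empty passwords. The function names, `ldaps://dc1.example.com`, the `example.com` UPN suffix and the "Intranet" realm are assumptions.

```php
<?php
// Added example, not from the original post. ad_bind_identity() and
// ad_check_credentials() are hypothetical names; host and suffix are placeholders.

// Build the userPrincipalName to bind with; null if the input is not a plain account name.
function ad_bind_identity($user, $upnSuffix) {
    $suffix = '@' . strtolower($upnSuffix);
    if (substr(strtolower($user), -strlen($suffix)) === $suffix) {
        $user = substr($user, 0, -strlen($suffix));   // accept "jsmith@example.com" too
    }
    // Allow-list the characters instead of handing raw input to the directory.
    if (!preg_match('/^[A-Za-z0-9._-]{1,64}$/', $user)) {
        return null;
    }
    return $user . $suffix;
}

function ad_check_credentials($ldapUri, $upnSuffix, $user, $pass) {
    $identity = ad_bind_identity($user, $upnSuffix);
    // A simple bind with a name and an empty password is an unauthenticated
    // bind, which a server may report as success; refuse it up front.
    if ($identity === null || !is_string($pass) || $pass === '') {
        return false;
    }
    $conn = ldap_connect($ldapUri);   // ldaps:// so the password is not sent in clear text
    if (!$conn) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);        // do not chase referrals to other servers
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 5);  // seconds
    $ok = @ldap_bind($conn, $identity, $pass);
    ldap_unbind($conn);
    return $ok;
}

// Gate the page: call before any output, as with ldap_auth().
$user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
$pass = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
if (!ad_check_credentials('ldaps://dc1.example.com', 'example.com', $user, $pass)) {
    header('WWW-Authenticate: Basic realm="Intranet"');
    header('HTTP/1.0 401 Unauthorized');
    exit;
}
```

The web server's LDAP client library must trust the domain controller's certificate for the `ldaps://` connection to succeed.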
 