Adding LDAP AuthN and AuthZ in PHP applications is a very easy thing with LDAPAuthPHP.
An usage example (there are a lot of different ways):
An usage example (there are a lot of different ways):
<?php
$pageURL = 'http';
if ($_SERVER["HTTPS"] == "on") {
$pageURL .= "s";
}
$pageURL .= "://";
if ($_SERVER["SERVER_PORT"] != "80") {
$pageURL .= $_SERVER["SERVER_NAME"].":
".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
} else {
$pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
}
session_name('MYAPP');
session_start();
if (!isset($_SESSION["user"])) {
include("LdapAuth.inc.php");
$ldap=new LdapAuth();
$ldap->setSessionAttr("user","uid");
$ldap->setSessionName("MYAPP");
$ldap->setRedirectPage($pageURL);
//page where we get redirected after login (in this case self)
include("LdapStandalonePageProtector.inc.php");
}
else {
echo "Logged In As: ".$_SESSION["user"]."</hr>";
//paste here the old page code (or write the new page to protect)
}
- Load balancing and HA beetween multiple LDAP servers
- HTML Standalone Page Protector (if you are lazy you don’t need to write a login form)
- BasicAuth Standalone Page Protector (wanna LDAP-protect an RSS feed?)
- Custom attribute fetching (for AuthZ)
- Configurable ldap2Session attribute mapping (LDAP Attr -> PHP Session Attr)
- Access logging (to be improved and localized)
- php5-ldap (there are .deb and .rpm package in standard main linux distro repositories) ( http://packages.debian.org/sid/php5-ldap )
- If you are using LDAPS:// (And i suggest to use it always, a part when the LDAP is on the same machine of the PHP server) you will need to modify /etc/ldap/ldap.conf to set ldap server certificate verification or you will get a blank page using LdapAuthPHP.
- I found this php5-ldap certificate validation a little buggy then if you experience problems try to set TLS_REQCERT never (in /etc/ldap/ldap.conf) for skipping the certificate validation but keeping all the benefits of the SSL encryption.
