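A simple and fast authentication module for when you want to authenticate your users
against Active Directory through LDAP. The script also stores the username,
Display Name, and fully qualified DN (i.e.
DN=user,ou=users,ou=account,dc=domain,dc=com) in a cookie. You could also
store any other attribute of the user in the cookie as well (email address, office
phone, etc.). Be aware that the script as written also stores the user's password in
the cookie (as cookie[token]) and re-binds with it on each later request, and that
every value in the cookie can be edited by the client.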
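Note: you will need to change the server, basedn and filter variables for your
environment.
Just place an include "auth.in";
at the top of every file that you want protected. (If you use require instead of
include, PHP stops the page when auth.in cannot be loaded rather than continuing
without the check.)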
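// Connection settings for the directory that users are authenticated against.
// NOTE(review): a bare host/IP makes ldap_connect() speak plain LDAP, so the
// simple bind further down sends the user's password unencrypted on the wire.
// Prefer an "ldaps://host" URI here, or call ldap_start_tls() after connecting,
// if the server supports it.
$server="XXX.XXX.XXX.XXX"; //change to ip address of ldap server
$basedn="ou=users, ou=accounts, dc=domain, dc=com"; //change to reflect the ou and domain that your users are in.
$script=$_SERVER['SCRIPT_NAME'];
// If the login cookie exists, retrieve it and put it in an array for use.
// $_COOKIE is read instead of $HTTP_COOKIE_VARS: the long array is only filled
// when register_long_arrays is on and no longer exists from PHP 5.4, so the
// cookie was never seen there. This also matches the $_SERVER/$_POST usage in
// the rest of the script.
// The cookie is client-supplied, so it is only accepted when it really is the
// array form (cookie[user], cookie[token], ...) written at login; a plain
// string value is ignored and the login form is shown instead.
if (isset($_COOKIE['cookie']) && is_array($_COOKIE['cookie'])) {
    $cookie=$_COOKIE['cookie'];
}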
if (isset($cookie)) {
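// Returning visitor: re-authenticate against the directory with the login kept
// in the cookie. Every field is supplied by the browser, so each one is checked
// for presence and type before use; anything missing or non-string becomes ''.
$fields = is_array($cookie) ? $cookie : array();
$username = (isset($fields['user']) && is_string($fields['user'])) ? $fields['user'] : '';
$password = (isset($fields['token']) && is_string($fields['token'])) ? $fields['token'] : '';
// NOTE(review): $fullname and $fqdn are taken from the cookie as-is and are not
// looked up in the directory again in this branch. Pages that include this file
// should treat them as display text only, never as proof of identity or of
// OU/group membership.
$fullname = (isset($fields['fullname']) && is_string($fields['fullname'])) ? $fields['fullname'] : '';
$fqdn = (isset($fields['fqdn']) && is_string($fields['fqdn'])) ? $fields['fqdn'] : '';
// The name is pasted into the bind DN below, so refuse any value containing
// characters that have a meaning in an LDAP DN or search filter; otherwise the
// cookie could change which entry the bind is made against.
// (On PHP 5.6+ ldap_escape() with LDAP_ESCAPE_DN could be used instead, which
// would also allow such names.)
if ($username === '' || preg_match('/[\x00,+"\\\\<>;=#()*&|!]/', $username)) {
    die ("Invalid login cookie");
}
// A bind with a DN and an empty password may be accepted by the server as an
// unauthenticated (anonymous) bind, in which case ldap_bind() reports success
// without any password having been checked. Never let that count as a login.
if ($password === '') {
    die ("Invalid login cookie");
}
$dn = "cn=$username, ";
if (!($connect = ldap_connect($server))) {
    die ("Could not connect to LDAP server");
}
if (!($bind = ldap_bind($connect, "$dn" . "$basedn", $password))) {
    // The DN contains client-supplied text; escape it before echoing it back.
    die ("Could not bind to " . htmlspecialchars("$dn$basedn", ENT_QUOTES));
}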
} else {
if ((isset($_POST['username'])) && (isset($_POST['password']))) {
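// First login: take the submitted credentials, bind with them, look the user
// up, and write the login cookie. Form fields can arrive as arrays
// (username[]=...), so anything that is not a string is treated as empty.
$username = is_string($_POST['username']) ? $_POST['username'] : '';
$password = is_string($_POST['password']) ? $_POST['password'] : '';
// The name is pasted into both the bind DN and the search filter below, so
// refuse any value containing characters that have a meaning in an LDAP DN or
// search filter; otherwise the form input could alter the DN that is bound or
// the entries the filter matches.
// (On PHP 5.6+ ldap_escape() with LDAP_ESCAPE_DN / LDAP_ESCAPE_FILTER could be
// used instead, which would also allow such names.)
if ($username === '' || preg_match('/[\x00,+"\\\\<>;=#()*&|!]/', $username)) {
    die ("Invalid username or password");
}
// A bind with a DN and an empty password may be accepted by the server as an
// unauthenticated (anonymous) bind, in which case ldap_bind() reports success
// without any password having been checked. Never let that count as a login.
if ($password === '') {
    die ("Invalid username or password");
}
// Define an appropriate ldap search filter to find your users, and filter out
// accounts such as administrator (administrator should be renamed anyway!).
// NOTE(review): the two negated displayname clauses are OR-ed, so an entry is
// excluded only when it matches both patterns; use & between them if matching
// either pattern should exclude the account.
$filter="(&(|(!(displayname=Administrator*))(!(displayname=Admin*)))(cn=$username))";
$dn = "cn=$username, ";
if (!($connect = ldap_connect($server))) {
    die ("Could not connect to LDAP server");
}
if (!($bind = ldap_bind($connect, "$dn" . "$basedn", $password))) {
    // The DN contains form input; escape it before echoing it back.
    die ("Could not bind to " . htmlspecialchars($dn, ENT_QUOTES));
}
$sr = ldap_search($connect, $basedn,"$filter");
if (!$sr) {
    die ("Could not search LDAP directory");
}
$info = ldap_get_entries($connect, $sr);
// The bind above succeeds for any valid account, so the filter only has an
// effect if an empty result is refused. Without this check an account the
// filter was meant to exclude would still be logged in, with empty cookies.
if (!is_array($info) || !isset($info['count']) || $info['count'] < 1) {
    die ("Account is not permitted to log in");
}
$fullname = isset($info[0]["displayname"][0]) ? $info[0]["displayname"][0] : '';
$fqdn=$info[0]["dn"];
// NOTE(review): cookie[token] holds the user's directory password in clear
// text. It is then kept by the browser and sent with every request to this
// site, and the cookie branch at the top of the script depends on it to
// re-bind. The safer design is a server-side session (session_start() and a
// flag in $_SESSION set after the successful bind) so the password is never
// stored; that change has to be made together with the cookie branch. If
// cookies are kept, at least pass the secure and httponly arguments to
// setcookie().
setcookie("cookie[user]",$username);
setcookie("cookie[token]",$password);
setcookie("cookie[fullname]",$fullname);
setcookie("cookie[fqdn]", $fqdn);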
} else {
?>
Portal Login