09-14-2011 11:25 AM
I need to authenticate Windows IE users against Active Directory. I have found PHP code which requests the encoded Windows userid & password from Internet Explorer. Now I'm lost as to how to do the authentication.
Do I enable the PHP LDAP module? (can't find any documentation on how to use it)
Do I enable LDAP in CSWS? (then how do I get the UserID/pwd to CSWS from the PHP code?)
As is obvious, this is all new to me. Couldn't find help in my search of CSWS related docs or searching this forum.
09-14-2011 07:33 PM
Given you've already found some PHP code to extract the user's credentials from the browser, I'd be inclined to explore the PHP LDAP module. I'm not familiar with it (nor with Active Directory in any detail) so the following is offered as general advice.
Going back to basics, there are two general ways of authenticating a user against an LDAP directory: one is to log in (bind) to the directory as the user, the other is to compare the supplied password against the password stored in the directory. Choosing one over the other will be influenced by what is easier to do with that particular LDAP server and what the application needs to do once it's authenticated.
If you're not particularly wedded to CSWS take a look at WASD instead. It has better performance than CSWS, has some really good tools for debugging HTTP requests, and has a number of authentication mechanisms supported out-of-the-box. I think there are users on the WASD mailing list who have done what you're trying to do. http://wasd.vsm.com.au/