I want to be able to allow a single ou in Active directory to have authentication access to an internal website of my company. Please help as I have wasted too much time on it. This is what I have got so far:
$domain ='ab.cd.ef.gh.ij';
$host='xxx.xxx.xx.x';
$ds = ldap_connect($host); //has to be domain or hostname
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
if($ds)
{
$bind=ldap_bind($ds,$name, $pass);
if($bind)
{
$_SESSION['status'] = 'authorized';
header("location: index.php");
} else return "Please enter correct username and password.";
}
Thanks in advance
This works perfect if you want to allow one ou to have access to a login system :
$domain ='ab.cd.ef.gh.ij';
$host='xxx.xxx.xx.x';
$connect = ldap_connect($host); //has to be domain or hostname
ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($connect, LDAP_OPT_REFERRALS, 0);
$dn = "OU=something,OU=something,OU=something,OU=something,DC=ab,DC=cd,DC=ef,DC=gh,DC=ij";
$search = "CN=$name";
if($connect)
{
$bind=ldap_bind($connect,$name, $pass);
if($bind)
{
$sr=ldap_search($connect, $dn, $search);
$data = ldap_get_entries($connect, $sr);
for ($i=0; $i<$data["count"]; $i++)
{
$user = $data[$i]["dn"] ;
}
if($user =="CN=$name,OU=something,OU=something,OU=something,OU=something,DC=ab,DC=cd,DC=ef,DC=gh,DC=ij")
{
$_SESSION['status'] = 'authorized';
header("location: index.php");
}else
{
header("location:lost.html");
}
} else return "Please enter correct username and password.";
}
The only down side to this is that the username and the common name has to be the same for this to work.
Happy Coding