Linux LDAP authentication: Windows and Linux implementation of PHP and LDAP identity authentication

Source: Internet
Author: User

My current employer has asked me to provide a standard authentication method for the intranet Web services in the enterprise. One of the major problems I have encountered is that our company mainly uses two kinds of platforms: Unix and Windows. My first idea, requiring every employee to give up Windows and use UNIX or Linux, was not a success.
I think the best way to solve the current Unix/Windows problem is to take advantage of PHP's LDAP features. For the LDAP server I use an existing system, which in my case means primarily our large Microsoft Exchange server. I'm very happy to use Exchange: it is reliable, and its LDAP feature is simple to use and configure. However, please note that this scheme is not the safest in terms of authentication. If you have higher security requirements, I strongly recommend that you use LDAP over SSL.
Where to start learning
To get you started, I'll give a list of the PHP LDAP functions with a brief description of each. Then I'll demonstrate how to establish a connection to the LDAP server and authenticate the user. To keep the code simple, I'll show only how PHP connects and binds to the LDAP server.
A perfect match: PHP and LDAP
Here is a list of the functions I'll use in the examples. More information about them is available on the Internet.
ldap_connect - connects to the LDAP service.
ldap_bind - binds to a specific LDAP directory.
ldap_error - gets the error message from the LDAP server.
ldap_search - starts a search.
ldap_get_entries - gets the entries from a search result.
ldap_close - closes the LDAP connection.
Now I'll show you how to use the first function in the example (Listing A) and describe what it does.
<?php
// LDAP variables
$ldap['user'] = 'uname';
$ldap['pass'] = 'password';
$ldap['host'] = 'ldap.example.com';
$ldap['port'] = 389;
// The user's distinguished name, built from the user name and the directory base
$ldap['dn']   = 'cn=' . $ldap['user'] . ',ou=department,o=company name';
$ldap['base'] = '';

// Connecting to LDAP
$ldap['conn'] = ldap_connect($ldap['host'], $ldap['port'])
    or die("Could not connect to {$ldap['host']}");
?>
ldap_connect returns a connection to the LDAP server (a link identifier, also called a resource). The function has two parameters: host and port. The first parameter, host, is the LDAP host name, and the second is the port the LDAP server is listening on. By default, LDAP uses port 389. If you need a secure connection to the LDAP server, you can pass an LDAP URL for the server as the host parameter instead, as follows:
$ldap['conn'] = ldap_connect("ldaps://ldap.example.com");
Because you specify a URL instead of a server name, you do not need the port parameter in this form. One thing to keep in mind is that the host name must match exactly the name in the server's SSL certificate.
<?php
// LDAP variables
$ldap['user'] = 'uname';
$ldap['pass'] = 'password';
$ldap['host'] = 'ldap.example.com';
$ldap['port'] = 389;
// The user's distinguished name, built from the user name and the directory base
$ldap['dn']   = 'cn=' . $ldap['user'] . ',ou=department,o=company name';
$ldap['base'] = '';

// Connecting to LDAP
$ldap['conn'] = ldap_connect($ldap['host'], $ldap['port'])
    or die("Could not connect to {$ldap['host']}");

// Binding to LDAP with the user's DN and password; true on success, false otherwise
$ldap['bind'] = ldap_bind($ldap['conn'], $ldap['dn'], $ldap['pass']);
?>
This listing demonstrates how to bind to the server with a user name and password. I built the user's distinguished name (DN) and bind to LDAP with that DN and the user's password. Passing the DN and password lets the LDAP server authenticate the user and bind the connection, so a successful bind means the credentials were accepted. The return value of ldap_bind is a Boolean, so we can tell from it whether the user's logon credentials are valid. When this step completes, you know whether the user is authenticated.
What happens if something goes wrong? Calling ldap_error is a good way to find out. It returns a string describing the last error that occurred on the LDAP connection.
In the following listing:
<?php
// LDAP variables
$ldap['user'] = 'uname';
$ldap['pass'] = 'password';
$ldap['host'] = 'ldap.example.com';
$ldap['port'] = 389;
// The user's distinguished name, built from the user name and the directory base
$ldap['dn']   = 'cn=' . $ldap['user'] . ',ou=department,o=company name';
$ldap['base'] = '';

// Connecting to LDAP
$ldap['conn'] = ldap_connect($ldap['host'], $ldap['port'])
    or die("Could not connect to server {$ldap['host']}");

// Binding to LDAP
$ldap['bind'] = ldap_bind($ldap['conn'], $ldap['dn'], $ldap['pass']);
if (!$ldap['bind']) {
    // Report why the last LDAP operation (the bind) failed, then stop
    echo ldap_error($ldap['conn']);
    exit;
}
?>
Here I added the ldap_error function to the script: if the user's identity cannot be confirmed by binding to the LDAP server, the script stops. ldap_error returns a string containing the error message produced by the last request sent to the LDAP server. If the bind with the given user name and password does not succeed, the error message will report that the credentials are invalid.
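The bind-based authentication and the error handling described above, put together into one reusable function. This is an added example, not code from the original article; the ldaps URL, the base DN and the user names are placeholders. It also covers two things the listings above do not: it refuses an empty password, because ldap_bind with an empty password performs an unauthenticated bind that many servers accept, and it escapes the user name with ldap_escape before concatenating it into the DN.

```php
<?php
// Added example (not from the original article): authenticate one user with a
// simple bind, using the same $ldap array layout as the listings above.
// Assumptions: the server is reachable as ldaps://ldap.example.com and user
// entries live under ou=department,o=company name (both placeholders).

function ldap_authenticate(string $username, string $password): bool
{
    $ldap = [];
    $ldap['url']  = 'ldaps://ldap.example.com';      // placeholder host
    $ldap['base'] = 'ou=department,o=company name';  // placeholder base DN

    // An empty password makes ldap_bind perform an unauthenticated bind, which
    // many servers accept; that would log anyone in. Refuse it before calling LDAP.
    if ($username === '' || $password === '') {
        return false;
    }

    // Build the DN with ldap_escape so a user name containing ',' or '=' cannot
    // change which entry the DN refers to when it is concatenated in.
    $ldap['dn'] = 'cn=' . ldap_escape($username, '', LDAP_ESCAPE_DN) . ',' . $ldap['base'];

    $ldap['conn'] = ldap_connect($ldap['url']);
    if ($ldap['conn'] === false) {
        error_log("Could not connect to {$ldap['url']}");
        return false;
    }
    // LDAPv3 is required by most modern directories; do not chase referrals,
    // which could send the user's credentials to a different server.
    ldap_set_option($ldap['conn'], LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap['conn'], LDAP_OPT_REFERRALS, 0);

    // @ suppresses PHP's warning on a failed bind; the reason is fetched below.
    $ldap['bind'] = @ldap_bind($ldap['conn'], $ldap['dn'], $password);
    if (!$ldap['bind']) {
        // Log the server's reason, but show the user only a generic message.
        error_log('LDAP bind failed: ' . ldap_error($ldap['conn']));
    }
    ldap_close($ldap['conn']);
    return (bool) $ldap['bind'];
}

// Usage (the credentials would normally come from the login form):
if (ldap_authenticate('uname', 'password')) {
    echo "Authenticated\n";
} else {
    echo "Invalid username or password\n";
}
?>
```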
In our last example,
<?php
// LDAP variables
$ldap['user'] = 'uname';
$ldap['pass'] = 'password';
$ldap['host'] = 'ldap.example.com';

Source link: http://www.cxybl.com/html/wlbc/Php/20121126/34395.html
