[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Simple question about LDAP and web authentication.

On Tuesday, 22 June 2010 00:37:41 Bryan Boone wrote:
> Hi everyone.  I am a noob to LDAP and I have a question.
> I am on a team that is building a special server.  This server will be
>  running linux with an apache web server with PHP and apache is running a
>  special website that we designed.
> I need to have the website be able to query LDAP servers for web
>  authentication.  So when a user connects to this special web server, they
>  are prompted for a user name and password.  Then I want to have the
>  website check the LDAP server to make sure that the user is indeed a user
>  of the website on our special server.  So in a sense our special server
>  will be an LDAP client.
> So my question is???  Is an LDAP client to be run as a Daemon or service? 

No daemon is necessary.

>  Is this what OpenLDAP provides?

OpenLDAP provides libraries, a server, and some commandline client utilities.

>  Or can I simply use function calls (from
>  PHP or C) from the OpenLDAP library for the authentication?

Yes, you can use php_ldap or similar, or you can have your application rely on 
the web server to do the authentication. Apache has an authentication module 
for LDAP.

> Basically all I need is...
> The user brings up the web page.
> The user enters in the user name and password.
> The server uses PHP or C to check to see if the entered information matches
>  an LDAP server. The web grants or denies access.
> The LDAP server connection is closed.
> No other actions or information from the LDAP server is needed.

Well, you said you need to "make sure that the user is indeed a user of the 
website". Are all users in the LDAP directory users of the website? If not, 
you may need a little bit more ...