Setting up mod_auth_sspi & adldap
WOW, that’s a mouthful!
Well, luckily, I just managed to get this working myself! Hurray for me!
WHAT THIS DOES???
This script uses the SSPI module to grab your local login (DOMAIN\ID),
breaks the domain name off the front of your ID, then uses adLDAP to
query AD for your user ID. The name comes back as lastname,firstname,
so the script breaks that apart and echoes first name, then last name.
You can easily copy this on your intranet pages. (Which is what I use it for.)
ASSUMPTIONS
- Windows 2003 STD server
- PHP, MYSQL, APACHE (Typically referred to as a WAMP installation) installed and running correctly.
- You have a working knowledge of PHP and Apache, and know how to edit and modify files.
SETUP
Download the current release of ADLDAP from their website (At the time of this writing, the current version was v2.1)
Edit the file to point to your LDAP server. (See example below)
    class adLDAP {

        // BEFORE YOU ASK A QUESTION, PLEASE READ THE DOCUMENTATION AND THE FAQ
        // http://adldap.sourceforge.net/documentation.php
        // http://adldap.sourceforge.net/faq.php

        // You can set your default variables here, or when you invoke the class
        var $_account_suffix = "@yourdomain.com";
        var $_base_dn = "DC=yourdomain,DC=com";

        // An array of domain controllers. Specify multiple controllers if you
        // would like the class to balance the LDAP queries amongst multiple servers
        var $_domain_controllers = array("yourdomaincontroller.yourdomain.com");

        // optional account with higher privileges for searching
        // not really that optional because you can't query much as a user
        // (the password sits in clear text in this file, so use a dedicated
        // account that can only read the directory)
        var $_ad_username = "account_to_query_AD";
        var $_ad_password = "password_for_Account";

        // ... the rest of the class is unchanged
Copy the adldap.php file to your website. (I installed into /includes folder.)
ok, we’re done..
Just kidding, but not too much more!

Next, download mod-auth-sspi from sourceforge.net.
Copy the files mod_auth_sspi.so and sspipkgs.exe to your apache modules folder.
Add the module to the server’s config file by editing httpd.conf.
    LoadModule sspi_auth_module modules/mod_auth_sspi.so
Protect a directory or location.
You can put these directives inside the httpd.conf file, or inside .htaccess
files if AllowOverride AuthConfig is set.
    <Directory "C:/SSPI">
        AllowOverride None
        Options None
        Order allow,deny
        Allow from all
        AuthName "My Intranet"
        AuthType SSPI
        SSPIAuth On
        SSPIAuthoritative On
        require valid-user
    </Directory>
NOTE – There is information on the SSPI
Create a file named whoami.php, or you can name it ilikepinkelephants.php if you prefer.
Copy this into it.
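    <?php
    require('includes/adLDAP.php');

    // REMOTE_USER is set by mod_auth_sspi as DOMAIN\user
    $cred = explode('\\', $_SERVER['REMOTE_USER']);
    if (count($cred) == 1) {
        array_unshift($cred, "(no domain info - perhaps SSPIOmitDomain is On)");
    }
    list($domain, $user) = $cred;

    // No options passed: the defaults edited into adLDAP.php are used
    $ldap = new adLDAP();

    $result = $ldap->user_info($user, array('displayname'));
    // Only persists across pages if session_start() was called earlier
    $_SESSION['username'] = $result[0]['displayname'][0];
    $fullname = $_SESSION['username'];

    // displayname is "lastname,firstname"; print "firstname lastname",
    // escaped because the value comes from the directory
    $splitname = explode(",", $fullname);
    echo htmlspecialchars(trim($splitname[1]));
    echo " ";
    echo htmlspecialchars(trim($splitname[0]));
    ?>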
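A stricter take on the two string-handling steps in whoami.php (splitting REMOTE_USER and flipping the display name), as an added example that is not part of the original post. The function names and the account-name allowlist are assumptions, and the sample inputs are constructed.

```php
<?php
// Added example; function names and the allowlist are assumptions.

// Split the REMOTE_USER value set by mod_auth_sspi into array(domain, user).
// Returns null when the value is missing or the user part fails validation.
function parse_remote_user($remoteUser)
{
    if (!is_string($remoteUser) || $remoteUser === '') {
        return null; // location not protected by SSPI, or auth did not run
    }
    $parts = explode('\\', $remoteUser, 2);
    if (count($parts) === 2) {
        list($domain, $user) = $parts;
    } else {
        $domain = null; // no domain part, e.g. SSPIOmitDomain On
        $user = $parts[0];
    }
    // Assumed allowlist; it excludes the LDAP filter metacharacters ( ) * \
    if (!preg_match('/^[A-Za-z0-9._-]{1,20}\z/', $user)) {
        return null;
    }
    return array($domain, $user);
}

// Turn a displayName of the form "Last, First" into "First Last", escaped
// for HTML output. A name without a comma is returned whole.
function format_display_name($displayName)
{
    $parts = array_map('trim', explode(',', (string) $displayName, 2));
    if (count($parts) === 2 && $parts[1] !== '') {
        $name = $parts[1] . ' ' . $parts[0];
    } else {
        $name = $parts[0];
    }
    return htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
}

// Constructed sample inputs (not real accounts)
foreach (array('CORP\\jsmith', 'jsmith', 'CORP\\j*smith', '') as $sample) {
    $parsed = parse_remote_user($sample);
    echo json_encode($sample), ' => ',
        $parsed === null ? 'rejected' : json_encode($parsed), "\n";
}
foreach (array('Smith, John', '<b>Smith</b>, John', 'Service Account') as $dn) {
    echo format_display_name($dn), "\n";
}
```

In whoami.php, the validated user part would go to $ldap->user_info() and the returned displayname to format_display_name().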
This entry was posted by chris on September 26, 2008 at 12:39 pm, and is filed under Coding, Tech, Web Server.