Chris's Blog of Gooey Goodness! » mod_auth_sspi http://chrisbjax.com My personal world on the web! Fri, 23 Jul 2010 19:28:33 +0000 en hourly 1 http://wordpress.org/?v=4060 Setting up mod_auth_sspi & adldap http://chrisbjax.com/2008/09/26/setting-up-mod_auth_sspi-adldap/ http://chrisbjax.com/2008/09/26/setting-up-mod_auth_sspi-adldap/#comments Fri, 26 Sep 2008 17:39:24 +0000 chris http://blog.chrisbjax.com/?p=29 WOW, that’s a mouthful!

Well, luckily, I just managed to get this working myself! Hurray for me!

WHAT THIS DOES???

This script will use the SSPI module to grab your local login
DOMAIN\ID, break the domain name off the front of your ID, then
utilizing adldap, query AD for your user ID, which is displayed
lastname,firstname, then break that apart, and echo first name last
name.

You can easily copy this on your intranet pages. (Which is what I use it for,)

ASSUMPTIONS

  • Windows 2003 STD server
  • PHP, MYSQL, APACHE (Typically referred to as a WAMP installation) installed and running correctly.
  • You have a working knowledge of PHP, and apache, and how to edit, modify files.

SETUP

Download the current release of ADLDAP from their website (At the time of this writing, the current version was v2.1)

Edit the file to point to your LDAP server. (See example below)

class adLDAP {

// BEFORE YOU ASK A QUESTION, PLEASE READ THE DOCUMENTATION AND THE FAQ

// http://adldap.sourceforge.net/documentation.php

// http://adldap.sourceforge.net/faq.php

// You can set your default variables here, or when you invoke the class

var $_account_suffix=“@yourdomin.com”;

var $_base_dn = “DC=yourdomain,DC=com”;

// An array of domain controllers. Specify multiple controllers if you

// would like the class to balance the LDAP queries amongst multiple servers

var $_domain_controllers = array (“yourdomaincontroller.yourdomin.com”);

// optional account with higher privileges for searching

// not really that optional because you can’t query much as a user

var $_ad_username=“account_to_query_AD”;

var $_ad_password=“password_for_Account”;

Copy the adldap.php file to your website. (I installed into /includes folder.)

ok, we’re done..

Just kidding, but not too much more!
Wink

Next, Download mod-auth-sspi from sourceforge.net .

Copy the files mod_auth_sspi.so and sspipkgs.exe to your apache modules folder.

Add the module to the server’s config file by editing httpd.con.

LoadModule sspi_auth_module modules/mod_auth_sspi.so

Protect a directory or location.

You can put these directives inside the httpd.conf file, or inside .htaccess

files if AllowOverride AuthConfig is set.

<Directory “C:/SSPI”>

AllowOverride None

Options None

Order allow,deny

Allow from all

AuthName “My Intranet”

AuthType SSPI

SSPIAuth On

SSPIAuthoritative On

require valid-user

</Directory>

NOTE – There is information on the SSPI

Create a file named : whoami.php or you can name it, ilikepinkelephants.php if you prefer.

Copy this into it.

<?php require(‘includes/adLDAP.php’); ?>

<?php

$cred = explode(‘\\’,$_SERVER['REMOTE_USER']);

if (count($cred) == 1) array_unshift($cred, “(no domain info – perhaps SSPIOmitDomain is On)”);

list($domain, $user) = $cred;

$ldap=new adLDAP($options);

if (1){

$result = $ldap->user_info($user,array(‘displayname’));

$_SESSION['username'] = $result[0][displayname][0];

$fullname = $_SESSION['username'];

$splitname = explode(“,”, $fullname);

echo $splitname[1];

echo (” “);

echo $splitname[0];

}

?>
]]> http://chrisbjax.com/2008/09/26/setting-up-mod_auth_sspi-adldap/feed/ 0