Frankly though, I wonder if OpenLDAP is the right solution for your problem (see OpenID or
perhaps just something simple setup in MySQL - [encrypt those passwords! ><] - which
you're likely using /anyway/), but moving on...
Apache has pretty good LDAP support - I use it control access to our Subversion repo
SVNReposName " Subversion Repository"
AuthName " Subversion Repository"
require ldap-group CN=repos,OU=groups,DC=example,DC=net
(I have further defined groups/access for each repo underneath /svn)
But this is starting to step "Off Topic" - this is just Apache + SVN (via DAV).
I'm fairly certain PHP's level of support would be about the same if not better.
Once you've got OpenLDAP up and running and can do basic stuff via
ldapsearch/ldapadd/etc, then move on to getting PHP code to work.
has a decent article that
would seem to apply. It doesn't use ldap in any flavor, but if this user db will only
be used by PHP, then it would seem appropriate.
[mailto:openldap-technical-bounces+chris.jacobs=apollogrp.edu@OpenLDAP.org] On Behalf Of
Sent: Tuesday, June 22, 2010 1:19 AM
Cc: Bryan Boone
Subject: Re: Simple question about LDAP and web authentication.
On Tuesday, 22 June 2010 00:37:41 Bryan Boone wrote:
Hi everyone. I am a noob to LDAP and I have a question.
I am on a team that is building a special server. This server will be
running linux with an apache web server with PHP and apache is running a
special website that we designed.
I need to have the website be able to query LDAP servers for web
authentication. So when a user connects to this special web server, they
are prompted for a user name and password. Then I want to have the
website check the LDAP server to make sure that the user is indeed a user
of the website on our special server. So in a sense our special server
will be an LDAP client.
So my question is??? Is an LDAP client to be run as a Daemon or service?
No daemon is necessary.
Is this what OpenLDAP provides?
OpenLDAP provides libraries, a server, and some commandline client utilities.
Or can I simply use function calls (from
PHP or C) from the OpenLDAP library for the authentication?
Yes, you can use php_ldap or similar, or you can have your application rely on
the web server to do the authentication. Apache has an authentication module
Basically all I need is...
The user brings up the web page.
The user enters in the user name and password.
The server uses PHP or C to check to see if the entered information matches
an LDAP server. The web grants or denies access.
The LDAP server connection is closed.
No other actions or information from the LDAP server is needed.
Well, you said you need to "make sure that the user is indeed a user of the
website". Are all users in the LDAP directory users of the website? If not,
you may need a little bit more ...
This message is private and confidential. If you have received it in error, please notify
the sender and remove it from your system.