Hi Bryan,

The ldap client does not need to be run as a daemon or service. A LDAP server provides a standards based protocol which you can use to access information stored in a LDAP database so a api call via php or whatever will get you the information you require regardless of the type of LDAP server.


It might be worthwhile to investigate how connections are handled by PHP. What I mean is that if your web app is going to do a high volume of authentication then it might be more effective to keep an connection open rather than creating a new connection for each authentication request.




From: openldap-technical-bounces+gerrard.geldenhuis=betfair.com@OpenLDAP.org [mailto:openldap-technical-bounces+gerrard.geldenhuis=betfair.com@OpenLDAP.org] On Behalf Of Bryan Boone
Sent: 22 June 2010 00:38
To: openldap-technical@openldap.org
Subject: Simple question about LDAP and web authentication.


Hi everyone.  I am a noob to LDAP and I have a question.


I am on a team that is building a special server.  This server will be running linux with an apache web server with PHP and apache is running a special website that we designed.


I need to have the website be able to query LDAP servers for web authentication.  So when a user connects to this special web server, they are prompted for a user name and password.  Then I want to have the website check the LDAP server to make sure that the user is indeed a user of the website on our special server.  So in a sense our special server will be an LDAP client.


So my question is???  Is an LDAP client to be run as a Daemon or service?  Is this what OpenLDAP provides?  Or can I simply use function calls (from PHP or C) from the OpenLDAP library for the authentication?


Basically all I need is...


The user brings up the web page.

The user enters in the user name and password.

The server uses PHP or C to check to see if the entered information matches an LDAP server.

The web grants or denies access.

The LDAP server connection is closed.


No other actions or information from the LDAP server is needed.


Do I have the right idea?




In order to protect our email recipients, Betfair Group use SkyScan from
MessageLabs to scan all Incoming and Outgoing mail for viruses.