Using Active Directory for Remote Authentication

It is possible to use Remote Authentication with your LDAP server.

Before you start:

• We assume that you have some experience with remote authentication, with PHP, and with lightweight directory access protocols (LDAP).

Requirements

LDAP support in PHP is not enabled by default. You will need to enable it. For more details check PHP documentation at http://php.net/ldap.

You may want to use Active Directory/PHP Helper library from http://adldap.sourceforge.net. If you do want to use it, download the library and place it into the kb_installation_dir/admin/lib/custom directory.

Here is an simple example of the function customized to authenticate against a LDAP server:

function remoteDoAuth($username, $password) {
    
    require_once 'custom/adLDAP.php';
    
    $auth = false;
    if(empty($username) || empty($password)) {
        return $auth;
    }
    
    
    //create the AD LDAP connection
    $adldap = new adLDAP();

    $user = array();
    $ldap_user = $adldap->user_info($username, array(*));

    // if found, populate $user array 
    if($adldap->authenticate($username, $password)){
        $user['first_name'] = $ldap_user[0]['givenname'][0];
        ...
    }
    
    return $user;
}

You can find more examples in kb_installation_dir/admin/lib/custom directory.