Active Directory LDAP connect with NTLM

Status
Not open for further replies.

jimbojames5645

Programmer
Dec 12, 2003
36
US
Does anyone know if this is possible using PHP? I am currently connecting to AD with the built-in ldap function in PHP using user/pass. I would like to be able to have people use their NTLM auth to bind to AD. I do not know if this is currently possible.
 
I think IE can transfer NTLM data to sites that require integrated Windows authentication. The PHP could then run as the authenticated user and access to LDAP could happen that way.

Otherwise there is some info here: about an NTLM proxy server that might help, but I think users would still need to enter their username and password to make it work.
 
On the client PC, open IE and head for Tools->Internet Options, then click on the Security Tab.

Place your site in the Intranet zone by clicking on the Sites tab, then clicking Advanced.

Once your site is added to the Intranet zone, it's time to make a superglobal available to PHP, that being $_SERVER['AUTH_USER']. So, head back to the main Internet Options screen, make sure the Security tab is still active, click on the Intranet zone icon, and now click Custom Level to set the security level for this zone.

There's a bunch of settings that you can play with, but the one you want is located right at the bottom, under User Authentication. Select "Automatic Logon with Current User Name and Password", click OK, exit out of all the screens, restart IE on the user's machine, and you're done.

Now you'll be able to use the PHP superglobal $_SERVER['AUTH_USER'], which will contain the current username in the following format: DOMAIN\USER NAME.

If any of this is unclear, please excuse it, as it's 3:26am and I haven't had to work a night shift in 4 years. :p

HTH


Greg

"for me, the action is the juice.
 
Just in case it saves the OP some sweat: you need to be running PHP as a server module (rather than CGI) of IIS or Apache to have access to the $_SERVER['AUTH_USER'] superglobal.

And again - I'm not certain here - but I believe this trick only works with IE and not with other browsers. As IE7 is supposed to be "de-integrated" from the OS, it will be interesting to see whether this functionality is preserved.
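
Added example, not code from any post in this thread: one way to consume the DOMAIN\USER value in $_SERVER['AUTH_USER'] before using it in an LDAP search. The domain name EXAMPLE, the function names and the sAMAccountName lookup are assumptions for illustration; the PHP ldap extension is required for ldap_escape().

```php
<?php
// Added example: parse the server-supplied DOMAIN\USER identity and build
// an escaped LDAP search filter from it. All names here are hypothetical.

const EXPECTED_DOMAIN = 'EXAMPLE'; // assumed NetBIOS domain name

// Split "DOMAIN\user" into its parts, or return null if it is malformed.
function parse_auth_user(?string $raw): ?array
{
    if ($raw === null || $raw === '') {
        return null; // the web server did not authenticate this request
    }
    $parts = explode('\\', $raw, 2);
    if (count($parts) !== 2 || $parts[0] === '' || $parts[1] === '') {
        return null; // no domain prefix, or an empty half
    }
    return ['domain' => strtoupper($parts[0]), 'user' => $parts[1]];
}

// Build the search filter; ldap_escape() encodes filter metacharacters
// (asterisk, parentheses, backslash, NUL) so the name cannot alter the query.
function build_user_filter(string $user): string
{
    return '(&(objectClass=user)(sAMAccountName='
        . ldap_escape($user, '', LDAP_ESCAPE_FILTER) . '))';
}

// Return a filter for the authenticated user, or null to reject the request.
function filter_for_request(array $server): ?string
{
    $id = parse_auth_user($server['AUTH_USER'] ?? null);
    if ($id === null || $id['domain'] !== EXPECTED_DOMAIN) {
        return null;
    }
    return build_user_filter($id['user']);
}

// Constructed sample values, not taken from a real server.
$samples = ['EXAMPLE\\jsmith', 'EXAMPLE\\j*)(cn=*', 'OTHER\\jsmith', 'jsmith', ''];
foreach ($samples as $s) {
    $filter = filter_for_request(['AUTH_USER' => $s]);
    printf("%-22s => %s\n", var_export($s, true), $filter ?? 'rejected');
}
```

AUTH_USER carries only the name the web server authenticated, not the user's credentials, so the filter would be used on a connection bound with whatever account the application already uses.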
 