This has worked for me in the past - it requires LDAP to be enabled in PHP to authenticate against the domain controller.
<?php $Username=''; $Password=''; $Group=''; //Group the user must be in $Domain=''; //your domain $base_dn = "DC=avsec, DC=govt, DC=nz"; // Ex: "DC=dhcmc, DC=com" $ldap_server = "ldap://YOUR_DC";; //DC to authenticate against $filter="(samaccountname=$Username)"; $connect=ldap_connect($ldap_server); ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($connect, LDAP_OPT_REFERRALS, 0); ldap_bind($connect, $Domain.'\\'.$Username, $Password) or DIE("Wrong Credentials"); $search=ldap_search($connect, $base_dn, $filter); ldap_sort($connect,$search,"sn"); $number_returned = ldap_count_entries($connect,$search); $info = ldap_get_entries($connect, $search); $InGroup=false; /* echo '<pre>'; echo print_r($info[0]['memberof']); echo '</pre>'; */ foreach($info[0]['memberof'] as $v) { if (strpos($v, 'CN='.$Group.',')!==false) { $InGroup=true; break; } } if ($InGroup===true) { echo $Username.' is a member of '.$Group; }else { echo $Username.' is not a member of '.$Group; } ldap_close($connect); ?> Rgds: Dave > -----Original Message----- > From: Merritt, David [mailto:[EMAIL PROTECTED] > Sent: Friday, 3 September 2004 4:48 a.m. > To: PHP General List (E-mail) > Subject: [PHP] Windows user authentication thru PHP and Apache > > All, > > Wanting to build a login page which uses the same user information as the > user's Windows account. Is there a way to validate a user's login > information against the primary Windows domain controller using PHP and > Apache? Searching the archives all I'm finding is how to do this with PHP > & IIS (which appears to be by using the functionality of IIS). > > Thanks, > > Dave Merritt > [EMAIL PROTECTED] > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
