从 php 针对 Active Directory/ISA 进行身份验证

2022-01-17 00:00:00 ldap active-directory php

我有一个复杂的问题,因为我真的不知道从哪里开始而加剧了这个问题!

I have a complicated problem, exacerbated by the fact I don't really know where to start!

在过去的几年里,我开发了许多基于 web 的 php 系统.当我构建它们时,我们的网络充其量只是绳索,所以我没有想过要创建自己的用户名/密码.

Over the last few years, I've developed a number of php web-based systems. When I built them, our network was ropey at best, so I thought nothing of creating my own username/password stuff.

从那时起,我们的网络变得更加健壮,我们的管理员为各种其他事情安装了 ISA 服务器,而我的应用程序被留下令人沮丧的遗物,人们忘记了他们的密码,并且永远无法确定哪个属于什么.

Since then, our network has become a lot more robust, our admins have installed an ISA server for various other things and my apps are left as frustrating relics that people forget their passwords and are never sure which one belongs to what.

我希望能够将我自己的登录代码替换为与 ISA/Active 目录内容对话的内容,这样用户也可以使用他们的主用户名和密码登录我的内容.

I would like to be able to replace my own login code with something that will talk to the the ISA/Active directory stuff so users can just use their primary username and password to log onto my stuff too.

部分困难在于 PHP 应用程序托管在我们的网络之外,尽管我在网络内部也有一个服务器,如果需要的话可以充当网关.我可以访问的所有服务器都运行 Linux,尽管如果绝对必要,我可能能够说服某人在 Windows 机器上安装插件".

Part of the difficulty is that the PHP apps are hosted outside of our network, although I do also have a server inside the network to act as a gateway if necessary. All of the servers I have access to are running Linux, although I might be able to persuade someone to install a 'plugin' on a windows box if it is absolutely necessary.

我从哪里开始?

推荐答案

如果 PHP 在 Apache 下运行,您应该能够使用 mod_ldap 和 mod_authnz_ldap 对您的 Active Directory 服务器进行身份验证.

If PHP is running under Apache you should be able to use mod_ldap and mod_authnz_ldap to authenticate to your Active Directory server.

还有一个相当完整的 PHP LDAP API,您应该研究一下.

There's also a fairly complete LDAP API for PHP, which you should investigate.

相关文章