[Cialug] Linux/Apache and Active Directory
James Shoemaker
james at dhlake.com
Thu Jan 14 13:34:43 CST 2010
Mathew R. Phillips wrote:
> Ok well you might be the right person to ask. Is there an attribute
> in AD that is updated when a user logs in and out? like a timestamp
> or a boolean or something. Because the people that are using these
> applications will already be authenticated on the domain when they
> log into their stations.
You will need to use kerberos if you want them authenticated without
logging in again. for group membership ldap will do.
> -----Original Message----- From: cialug-bounces at cialug.org on behalf
> of James Shoemaker Sent: Thu 1/14/2010 12:35 PM To: Central Iowa
> Linux Users Group Subject: Re: [Cialug] Linux/Apache and Active
> Directory
>
> Mathew R. Phillips wrote:
>> I'm developing some small php applications for an intranet at a
>> local business. They are a windows shop but not opposed to using
>> open source for the intranet. However, they want users to be
>> authenticated by their group membership in active directory
>> (management to the management pages) and so on. I've done quite a
>> bit of research on it and how unix can authenticate with Active
>> directory but nothing that really fits what I need has appeared to
>> me. I've seen some things that use an IIS server as a sort of proxy
>> to authenticate the users and send information back to the apache
>> server but I was hoping to do it all within the linux box. Does
>> anyone have any suggestions or experience with doing this sort of
>> thing?
>
> I just finished hacking a php application to authenticate against
> active directory and secure permissions by group membership through
> LDAP, its pretty easy once you get by the funky AD schema.
>
> Just use the standard php LDAP calls, it's like querying a database
> through a clunky interface.
More information about the Cialug
mailing list