php ldap_search query with no authentication
I have a requirement to implement SSO process using php, i am able query
LDAP and able to get the required information(like Alias name and display
name), but is there a way to query ldap without passing the windows
credentials? anything needs to be changed on httpd.conf file.
Here is my php code:
$ldapconn = ldap_connect($host, $port)
$ldaprdn = "CN=<**windows_user**>,OU=xxx,OU=xx,OU=xx,DC=xxxx,DC=xxx,DC=com";
$windows_pass = "yyyyyyyyy";
$ldapBind = ldap_bind($ldapconn, $ldaprdn, $**windows_pass**);
$filter = "mail=x.y@xx.com";
$result = ldap_search($ldapconn, "DC=xxx,DC=com", $filter);
$entries = ldap_get_entries($ldapconn, $result);
echo $entries[0]["samaccountname"][0];
echo $entries[0]["cn"][0];
echo "<pre>";
echo $entries[0]["givenname"][0];
And here is my httpd.conf
LoadModule sspi_auth_module modules/mod_auth_sspi.so
<Directory "D:/xxxx/yyyyy">
Options None
AllowOverride All
Order allow,deny
Allow from all
#AuthName "SSPI Protected Place"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIOfferBasic On
#SSPIOmitDomain On
Require valid-user
from the above code i don't want to pass "windows_user" and "windows_pass"
, it should automatically take the windows credentials,if i don't pass i
am getting the connection error, so please advice, this is a security
concern.
No comments:
Post a Comment