Hi all,

I have cobbled together a function which returns an email address if ldap authentication with our active directory is successful.

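 function authenticate($user,$secret)
 {
   $server="server.our.domain";
   $local_domain="@our.domain";
   $dn="OU=myou,DC=our,DC=domain";
   $attributes = array("mail", "l");
   // An empty password turns ldap_bind() into an unauthenticated bind, which can succeed
   if($user === "" || $secret === "") return false;
   // Escape the username so filter metacharacters are treated as literal text
   $filter = "(samaccountname=" . ldap_escape($user, "", LDAP_ESCAPE_FILTER) . ")";
   if(!$ad=ldap_connect($server)) return false;

   ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3);

   // Bind as user@our.domain; a failed bind means the credentials were rejected
   if(!$bd = ldap_bind($ad,$user.$local_domain,$secret)) return false;

   $mail = false;
   $result = ldap_search($ad, $dn, $filter, $attributes);
   if($result) {
     $entries = ldap_get_entries($ad, $result);
     // Take the mail attribute of the first matching entry, if there is one
     if($entries["count"] > 0 && isset($entries[0]["mail"][0])) $mail = $entries[0]["mail"][0];
   }
   // Close the connection on every path that reached the search, then return
   ldap_unbind($ad);
   return $mail;
 }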

What would be involved to use this to authenticate drupal users instead of authenticating against the drupal db?
I'm out of my depth here, so I hope this does not come across as an overly daft question.

I'll check out the FM and try to fathom it myself, but I'd appreciate any help.

Thanks

Matt
http://www.ccia.org.au
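
The function in the post passes the username into both the bind and the search filter, so two checks belong in front of `ldap_bind()`. The sketch below is an added example, not part of the original post; `filter_escape()` and `precheck()` are hypothetical names, the username pattern is an assumption, and the sample inputs are constructed.

```php
<?php
// Added example (not from the original post). Runs without ext-ldap.

// Escape a value for use inside an LDAP search filter (RFC 4515).
// With ext-ldap, ldap_escape($v, '', LDAP_ESCAPE_FILTER) does this job;
// the fallback here keeps the example runnable offline.
function filter_escape(string $value): string
{
    // strtr() with an array never rescans its own output, so the
    // backslashes it inserts are not escaped a second time.
    return strtr($value, [
        '\\' => '\5c', '*' => '\2a', '(' => '\28', ')' => '\29', "\0" => '\00',
    ]);
}

// Checks to run before ldap_bind(). Returns null when the credentials may
// be passed on to the directory, or a reason string when they must not be.
function precheck(string $user, string $secret): ?string
{
    // RFC 4513: a simple bind with a name and an empty password is an
    // "unauthenticated bind" and can succeed without proving anything.
    if ($secret === '') {
        return 'empty password';
    }
    // Assumption: account names are short and use only these characters.
    if (!preg_match('/^[A-Za-z0-9._-]{1,20}$/', $user)) {
        return 'unexpected characters in username';
    }
    return null;
}

// Constructed sample inputs: [username, password]
$samples = [
    ['matt', 'correct horse'],
    ['matt', ''],
    ['*', 'x'],
    ['matt)(mail=*', 'x'],
];
foreach ($samples as [$user, $secret]) {
    $reason = precheck($user, $secret);
    printf("%-14s %-36s %s\n", $user,
        '(samaccountname=' . filter_escape($user) . ')',
        $reason ?? 'ok, attempt bind');
}
```

Only the first sample reaches the bind; the last two also show that escaping alone leaves the filter matching a literal account name rather than a pattern.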

Comments

moshe weitzman

If you are using IIS, consider using webserver_auth module

MJoyce-1

I'm running woody/apache and ubuntu/apache.
I *could* run on iis6 but it seems an extreme move.

We're (ccia) a non-profit org, but I'd be interested in talking to anyone who can code me a comprehensive ldap/imap/smtp/pop3 authentication module.

What about a generic authentication module, where the actual authentication code could be pasted in as a config setting?

I really think having better AD integration would be a benefit to the drupal project.

sepeck

You could take a look at this project. From the readme it may do what you need.
http://drupal.org/node/15109

-Steven Peck
---------
Test site, always start with a test site.
Drupal Best Practices Guide