I've checked with my current web host and they don't support LDAP in their PHP config because of security issues (!?). Is there anything else I can do with PHP and my LDAP server?
Well, it sounds like you are exposing your own LDAP server - but perhaps on a different host?
OR
You mean they don't provide a version of PHP compiled with LDAP support to act as a client.
A few thoughts:
1) "Security Issues" is an easy excuse for anything. That is not to say the LDAP libraries don't require certain security measures, but to avoid a technology altogether is not the most elegant solution.
So I would scrutinize your selection of provider.
2) However, you can, assuming some elevated access (root, sudo), just compile your own version of PHP with LDAP support:
http://www.php.net/manual/en/ldap.installation.php
This is not a new topic, but the information I find is always covering only a bit or not exactly what I would need. Here's the "issue"
I'm building a web application, on a Debian / Apache / PHP host.
The web server is NOT in our Active Directory, nor will it be.
Now the web application would need to query Microsoft SQL servers to gather the information to display and so on.
Now, I've installed the Microsoft SQL drivers (version 17) and try to connect. This gives errors because we only allow windows authentication and not directly SQL authentication.
This is where the problem starts. I cannot find any proper documentation on how to get this working. It seems that if you connect without UID and PWD, it tries to log on with the UID of the owner of the process. In this case that is the APACHE user... which is an account on the Linux server, not known in the Active Directory / Domain. I can't have the Apache server run as a Windows account, since that will impact other domains and applications running on that web server. Meaning I'm stuck....
So the questions are basically:
Is there really no proper solution to implement Windows Authentication to MSSQL with PHP (so without workarounds and so on)?
Is there any site where this is explained in detail, or any developed module for PHP, maybe with JavaScript or anything?
I can't believe this is not possible, but can't find any working solutions...
Thanks in advance everyone for taking the time to read and reply!
I have a PHP application running with Nginx on a Linux server and it has a successful integration with my Active Directory using LDAP.
In the current scenario, the user is able to create a new login for the app or use his Windows credentials to log into the application.
Now, I'm trying to implement a complete Single Sign-On (SSO), so that a user logged in with his credentials on a Windows machine in the domain will be able to open the app already logged in, without using the credentials again.
Doing some research on it, since my Linux server is not in the same domain, the best options are to use NTLM (old and insecure), the Kerberos protocol or the Negotiate protocol (which will choose between NTLM and Kerberos for each request), depending on the Windows version and what is implemented in the Domain Controller.
There are a lot of tutorials on the internet and also some good threads on the theme here on SO. This other link shows a good overview of the options using Apache as the web server (for the Kerberos option, I found an Nginx port, so this is not the main problem).
Well, I created some test applications using these approaches (including all changes on the browser side, limited to Firefox), but all of them are dependent on the web server (Apache, Nginx or even IIS). Since my app already has a complete integration with AD through LDAP, I'm interested in some web-server-independent solution. Is there any way to "bypass" the authentication in the web server and get the information about the logged-in user directly in my PHP code (Client (Firefox) to Server (PHP))?
My best guesses for now are some type of "pure" PHP implementation of Kerberos, which needs a PECL module, or NTLM, which is insecure and still asks for the user credentials in the first request.
I know that maybe it's impossible, but I'm asking in case I missed some important information in this research. Is it possible to get the Windows user info directly in PHP?
If you don't insist on nginx, use Apache Web Server 2.4 with mod_auth_gssapi. This is great, high-quality code written by people who know what they do. I have been doing this for years for my PHP stuff.
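As an added example (not code from the posts above): when the web server's Kerberos/GSSAPI module performs the authentication, the PHP side only has to consume the resulting identity and should fail closed on anything unexpected. This sketch assumes the module exposes the principal as `REMOTE_USER` in the form `user@REALM`; the realm `EXAMPLE.COM`, the function name and the sample inputs are constructed.

```php
<?php
// Assumption: the server's auth module sets REMOTE_USER to "user@REALM".
// Never read the identity from a client-supplied header such as X-Remote-User.
const ALLOWED_REALMS = ['EXAMPLE.COM']; // constructed realm, replace with your own

// Returns the normalised account name, or null if the request must not be trusted.
function sso_username(array $server): ?string
{
    $principal = $server['REMOTE_USER'] ?? '';
    if (!is_string($principal) || $principal === '') {
        return null; // request did not pass through the auth module
    }
    $parts = explode('@', $principal);
    if (count($parts) !== 2) {
        return null; // not a plain user@REALM principal
    }
    [$user, $realm] = $parts;
    if (!in_array($realm, ALLOWED_REALMS, true)) {
        return null; // ticket from a realm this application does not serve
    }
    if (!preg_match('/^[A-Za-z0-9._-]{1,64}$/', $user)) {
        return null; // host/service principals and odd characters are refused
    }
    // Lower-case so the name matches the application's own user table lookup.
    return strtolower($user);
}

// Constructed sample inputs, standing in for $_SERVER on different requests.
$samples = [
    ['REMOTE_USER' => 'JDoe@EXAMPLE.COM'],
    ['REMOTE_USER' => 'jdoe@OTHER.TEST'],
    ['REMOTE_USER' => 'HTTP/web01@EXAMPLE.COM'],
    [],
];
foreach ($samples as $s) {
    printf("%-28s => %s\n", $s['REMOTE_USER'] ?? '(unset)', var_export(sso_username($s), true));
}
```

The returned name can then be looked up through the application's existing LDAP integration to load group membership and profile data.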
I'm currently exposing a WebDAV server using SabrePHP which allows me to expose a virtual filesystem based on a MongoDB database and a GridFS implementation to store files.
Now, it works quite well with Cyberduck, but here's the problem, only with Cyberduck. I smashed my head against the walls more than once to make the authentication work with the Windows built-in DAV client implementation just to see that it required special headers and authentication strategy to work.
So I'd like to know if there is any kind of alternative to WebDAV. My first thought was FTP, but I don't know if it is possible to expose an FTP "server" in PHP (cheating with the protocol in some dark apache configuration), and if it will work with my whole filesystem stored in database.
For my login system, I would like to check a username and password against a remote LDAP server using PHP.
Can anyone tell me if just checking a user against LDAP will work on an inexpensive hosting plan from a company such as GoDaddy, 1&1, or Dreamhost?
Ex:
$objConn = ldap_connect($strDomain);
I don't want to run an LDAP server, just simply use the LDAP functions of PHP to verify an account.
The best option would be to email their respective support departments and ask this exact question; I'm sure they'll be able to help you. Everyone's setup is likely to be different, so this is probably the best approach. As long as the support is compiled-in and you've got network connectivity to your LDAP host (which you should probably access over SSL/TLS, if possible), you should be fine.
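As an added example (not code from the posts above), this is one way to do the check discussed in this thread and in the first question on the page: a simple bind over StartTLS that fails closed when the host's PHP lacks the LDAP extension. The server URI, the DN template and the function name are constructed placeholders.

```php
<?php
// Constructed placeholders, not values from this page.
const LDAP_URI = 'ldap://ldap.example.com:389';
const USER_DN_TEMPLATE = 'uid=%s,ou=people,dc=example,dc=com';

function ldap_check_credentials(string $username, string $password): bool
{
    // Shared hosts often ship PHP without the LDAP extension; fail closed.
    if (!extension_loaded('ldap')) {
        error_log('PHP LDAP extension is not available on this host');
        return false;
    }
    // A bind with an empty password is treated as anonymous by many servers
    // and reported as success, so reject it before contacting the server.
    if ($username === '' || $password === '') {
        return false;
    }

    $conn = ldap_connect(LDAP_URI);
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 5);

    // Upgrade to TLS before the password is sent; never fall back to clear text.
    // Certificate checking follows the host's OpenLDAP client configuration.
    if (!@ldap_start_tls($conn)) {
        error_log('StartTLS failed: ' . ldap_error($conn));
        ldap_unbind($conn);
        return false;
    }

    // Escape the user-supplied name so it cannot alter the DN.
    $dn = sprintf(USER_DN_TEMPLATE, ldap_escape($username, '', LDAP_ESCAPE_DN));
    $ok = @ldap_bind($conn, $dn, $password);
    ldap_unbind($conn);
    return $ok;
}

// Typical call from a login handler:
// $ok = ldap_check_credentials($_POST['user'] ?? '', $_POST['pass'] ?? '');
```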
I'm a 10+ yr Dreamhost client and had this same question. The response from DH Support team was less than helpful, but I found this nugget:
The cURL library ('libcurl') ... currently supports the http, https, ftp, gopher, telnet, dict, file, and ldap protocols.
Source: https://help.dreamhost.com/hc/en-us/articles/216688028-cURL-overview
Also, very helpful cURL debugging info at https://curl.haxx.se/docs/httpscripting.html
Haven't gotten the authentication worked out just yet, but I'm getting closer with this.
I'm trying to use OpenID on my site but I get this error:
Protocol https not supported or disabled in libcurl
Can anyone please tell me what it means? My website is running on shared Linux hosting.
I use this script: http://gitorious.org/lightopenid
Thanks in advance
It means exactly what it says! Your Open ID implementation (lightopenid) wants to communicate securely with an Open ID server over HTTPS - HTTPS is an optional feature in PHP/Curl and your web host has not enabled this feature. Your options are to ask your hosting provider to enable this feature or to find an alternative which doesn't use Curl. For the latter option, you'll probably find that alternatives also don't have the HTTPS option enabled.
Finally, you may be able to tell lightopenid to not use HTTPS, thus sidestepping this problem; however, this doesn't seem like a very robust solution to me. Use this only on dev sites, never with real users' accounts.