Active directory authentication via php.

I'm in a bit of a pickle..  at the company where I recently started
work, I discovered that the knowledge base we use sucks, and sucks bad
(oh Lotus Notes, how I loathe thee, let me count the ways)

So for kicks and giggles, I found a nice "personal notebook" solution
on the net called:

When this had ballooned into a big, nice knowledge base, I discovered
that there's a server-side version of it called cctiddly :

So as a test I found a free apache/php/sql solution: - copied the cctiddly into
it, and the thing worked!

As you can see, up until now, no real programming has been undertaken
by me, at this point, I've just been at most playing around with
installing plugins into my tiddlywiki.

Of course, also, now I'm faced with the ultimate question... what's
the best way to authenticate people who want access to the wiki?

I've researched a bit, and discovered that you can enable LDAP access
via php, so theoretically you can authenticate people through AD...
which is excellent!  People can just use their usual username and
password, no need to remember yet another user/pass, and no need for
admin to have to control yet another admin control thingum.

So I've been testing this out, browsing through information, and as a
test I created this:

echo "<h3>LDAP query test #1</h3>";
echo "Connecting ...";
$ldap_host = "localhost";
$ldap_user = "";
$ldap_pass = "password";
// must be a valid LDAP server!
$connect = ldap_connect($ldap_host) or die ("No Connection to LDAP server");
// Print a status rather than the handle itself (newer PHP returns an object here)
echo "connect result is " . ($connect ? "OK" : "failed") . "<br />";

// Set the option on the handle returned by ldap_connect()
if (ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3)) {
    echo "Using LDAPv3 <br />";
} else {
    echo "Failed to set protocol version to 3 <br />";
}

if ($connect) {
    echo "Binding to server...";
    $bind = ldap_bind($connect, $ldap_user, $ldap_pass);
    echo "Bind result is " . $bind . "<br />";
}
- Now this works.. if I remove the $ldap_pass in the
"$bind=ldap_bind($connect, $ldap_user, $ldap_pass); " line, because
then I'm connecting anonymously to the LDAP server...

But when I try to authenticate to the server with the password I get
this error:

"Warning: ldap_bind() [function.ldap-bind]: Unable to bind to server:
Strong(er) authentication required in C:\Program Files\xampp\htdocs
\wiki\adtest.php on line 21"

- which made me go, whu?

Now I can't change the settings on the domain controller, as I'm not
the sysadmin.. so I need to somehow create a stronger authentication
to the server.. now how the hell do I do that?

I can't install an SSL certificate, because there isn't one on the
server, is there some way for me to make the password meet the bare
minimum requirements for a stronger authentication without having to
use SSL?

An administrator I know recommended to try to figure out how to use
either NTLM or KERBEROS... which is at least perhaps something.

Can anyone give me any tips, however vague on how I could do this?

Thanks for any replies.
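
Added example, not part of the original post: the warning corresponds to LDAP result code 8 (strongerAuthRequired), which a server returns when it will not accept a bind without stronger protection, so this sketch upgrades the connection with StartTLS before any password is sent. It also rejects empty passwords, because a bind without a password is an anonymous bind that succeeds (as the post observes) and must never count as a login. Assumptions: the domain controller offers StartTLS with a certificate the PHP host trusts, and the host name, UPN suffix and function name are placeholders.

```php
<?php
// Added example, not from the original post. Host and UPN suffix are placeholders.
const LDAP_URI   = 'ldap://dc.example.internal';  // assumption: placeholder DC name
const UPN_SUFFIX = '@example.internal';           // assumption: placeholder AD domain

/**
 * Returns true only if the directory accepted a non-anonymous simple bind
 * made over a TLS-protected connection. (Hypothetical helper name.)
 */
function ad_authenticate(string $username, string $password): bool
{
    // An empty password turns a simple bind into an anonymous/unauthenticated
    // bind, which succeeds; never treat that as a login.
    if ($username === '' || $password === '') {
        return false;
    }
    // Accept only a plain account name so the input cannot alter the bind identity.
    if (!preg_match('/^[A-Za-z0-9._-]{1,64}$/', $username)) {
        return false;
    }

    $conn = ldap_connect(LDAP_URI);
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3); // StartTLS needs LDAPv3
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // Upgrade to TLS before any credentials are sent; refuse to continue in clear text.
    if (!@ldap_start_tls($conn)) {
        error_log('LDAP StartTLS failed: ' . ldap_error($conn));
        ldap_unbind($conn);
        return false;
    }

    $ok = @ldap_bind($conn, $username . UPN_SUFFIX, $password);
    if (!$ok) {
        error_log('LDAP bind failed: ' . ldap_error($conn));
    }
    ldap_unbind($conn);
    return $ok;
}
```

The bind result is logged server-side only; the caller should show the same generic failure message whether the user name or the password was wrong.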
