468,133 Members | 1,439 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 468,133 developers. It's quick & easy.

Retrieve Win.2003 Active Directory user

Vio
Hello everyone,

i currently a beginner in php.
I want to ask about Win2003 Active Directory users. Is it possible to
retrieve Win2003 AD (just username & password) with php.
I'm currenty developing web based application for my small office. I
put my Apache+php+MySQL in Win2003 Server. My Clients using IE as
default browser.
What i want to do is to integrated active directory user with my
application.
So the user who log on with active directory user could use the
application. but the level usage of the application is set on mysql
database.
Each time user information has changed in active directory, it also
update the user information in mysql database.

Is it possible to do it ? How or what should i do or where else i can
find the answer about it.
Or are there any other suggestion?

Regards,
Vio.
Jun 2 '08 #1
7 2522
Vio escribió:
I want to ask about Win2003 Active Directory users. Is it possible to
retrieve Win2003 AD (just username & password) with php.
You can retrieve information from the Active Directory using LDAP
functions and you can definitively ask for credentials and validate them
yourself. See the "LDAP functions" chapter in the manual for further
reference. However, I don't think you can get the currently validated
user and, if you could get it, you shouldn't trust that information.

I believe you can use NTLM authentication (the authentication protocol
used in Windows shares) through HTTP but you'd need a browser that
supports it:

http://www.innovation.ch/personal/ronald/ntlm.html
http://www.testingreflections.com/node/view/1365
BTW, I found this package while Googling:

http://phpad.sunyday.net/
--
-- http://alvaro.es - Álvaro G. Vicario - Burgos, Spain
-- Mi sitio sobre programación web: http://bits.demogracia.com
-- Mi web de humor al baño María: http://www.demogracia.com
--
Jun 2 '08 #2
Vio
Thank you Mr.Alvaro for reply me.
I think the link you've send me (http://phpad.sunyday.net) is gonna be
useful.
However, I don't think you can get the currently validated
user and, if you could get it, you shouldn't trust that information.
Could you explain to me why i shouldn't trust that information.

The application that i'm doing currently is gonna have function to
access the file server also. that's why i think i need the active
directory users to determine the user level security access when user
have to access certain directory in file server (which is using
win2003 too) using my web application.

The application send the user name that has been store in mysql to
active directory and let the active directory proses the information.
if the user valid the active directory will send back notification or
information to the application about the user name. if valid then the
application will open the access.

In other hand the application it self also have some kind of level
security to determine which user(get from AD) should be given access
to do insert,update,and delete data (mysql).
Thats the plan.

Please correct me if my plan with the application is wrong or miss
direction or whatever you think should be corrected.

Regards,
Vio
Jun 2 '08 #3
Vio escribió:
>However, I don't think you can get the currently validated
user and, if you could get it, you shouldn't trust that information.

Could you explain to me why i shouldn't trust that information.
My browser can tell you I'm the user "Administrator". How can you know
it's true? You need further info to make sure, such as a password or an
authentication token you can validate against the domain server.

My knowledge about AD internals doesn't go much further, though.

At first glance I see nothing wrong in your approach it it's not a
problem that the web server can access all the files in the file server;
but I'm not an expert.

--
-- http://alvaro.es - Álvaro G. Vicario - Burgos, Spain
-- Mi sitio sobre programación web: http://bits.demogracia.com
-- Mi web de humor al baño María: http://www.demogracia.com
--
Jun 2 '08 #4
Vio
Again thank you Mr.Alvaro,
My browser can tell you I'm the user "Administrator". How can you know
it's true? You need further info to make sure, such as a password or an
authentication token you can validate against the domain server.
Yes, i get it. i need to validate the user name and password.
My knowledge about AD internals doesn't go much further, though.
At first glance I see nothing wrong in your approach it it's not a
problem that the web server can access all the files in the file server;
but I'm not an expert.
At least you know more or know first rather than i do, i assumed. :)
i'm just a beginner/newbie. Still learning :)
Regards,
Vio
Jun 2 '08 #5
Vio schreef:
Again thank you Mr.Alvaro,
>My browser can tell you I'm the user "Administrator". How can you know
it's true? You need further info to make sure, such as a password or an
authentication token you can validate against the domain server.

Yes, i get it. i need to validate the user name and password.
>My knowledge about AD internals doesn't go much further, though.
At first glance I see nothing wrong in your approach it it's not a
problem that the web server can access all the files in the file server;
but I'm not an expert.

At least you know more or know first rather than i do, i assumed. :)
i'm just a beginner/newbie. Still learning :)
Nothing wrong with being a newbie. :-)

But if your application serves sensitive information, I would advise you
to get a security audit before going live.
An experienced PHP coder can try to break your app with things like SQL
injection, screwed up PHPSESSIDs, circumvent your login-logic, etc..
Better safe than sorry. :-)

Regards,
Erwin Moller

>

Regards,
Vio
Jun 2 '08 #6
Vio
Erwin Moller :
Nothing wrong with being a newbie. :-)
Thank you for you support :-)
But if your application serves sensitive information, I would advise you
to get a security audit before going live.
An experienced PHP coder can try to break your app with things like SQL
injection, screwed up PHPSESSIDs, circumvent your login-logic, etc..
Better safe than sorry. :-)
The application is for internal use (LAN Only). However the security
issues is on top.
Again thank you for remind and warning me.
It's great to meet people who willing to share their knowledge and
advise to others.
I want someday i've got many to give others too.
If i have further questions please don't ignore this newbie. :-p

Regards,
Vio.
Jun 2 '08 #7
Vio wrote:
Erwin Moller :
>Nothing wrong with being a newbie. :-)

Thank you for you support :-)
>But if your application serves sensitive information, I would advise you
to get a security audit before going live.
An experienced PHP coder can try to break your app with things like SQL
injection, screwed up PHPSESSIDs, circumvent your login-logic, etc..
Better safe than sorry. :-)

The application is for internal use (LAN Only). However the security
issues is on top.
Again thank you for remind and warning me.
It's great to meet people who willing to share their knowledge and
advise to others.
I want someday i've got many to give others too.
If i have further questions please don't ignore this newbie. :-p

Regards,
Vio.
And a large portion of break-ins are internal - disgruntled employees,
ones about to be fired, etc.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Jun 2 '08 #8

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

1 post views Thread by B. Zuidgeest | last post: by
6 posts views Thread by Leo_Surf | last post: by
1 post views Thread by tangus via DotNetMonster.com | last post: by
3 posts views Thread by BlueSky | last post: by
1 post views Thread by gcdp | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.