First things first, you’ll need to make sure you have LDAP support installed. You can double check this by creating a php info page:

echo phpinfo();


If you run this page & see the LDAP support in there, you are good to go. If not, you’ll need to recompile PHP with ldap support by adding the –with-ldap[=DIR] option to the configure options. For sake of brevity i’ll assume you understand how to make an HTML login form. Once you have created this, you will want to capture the username & password that the user submits. Now you’ll need to connect to the ldap server:


session_start(); #make sure this is at the top of your PHP file.
$adServer = "127.0.0.1"; #replace with your AD server ip/hostname
$ldapconn = ldap_connect($adServer)
or $this->msg = "Could not connect to LDAP server.";

Now that we’re connected, you can attempt to authenticate the username/password submitted, which will return a boolean value:


$ldaprdn = $adServer . "\\" . $_POST["email"];
$ldapbind = ldap_bind($ldapconn, $ldaprdn, $_POST["password"]);


if ($ldapbind) {
$msg = "Successfully Authenticated";
$_SESSION['email'] = $email;
$_SESSION['password'] = $password;
return true;
} else {
$msg = "Invalid email address / password";
return false;
}


Now that you have stored the authenticated username/password in the users session data, you just need to run this same script before each page loads as you would with mysql user authentication.

From my experience, half the battle was getting my app to talk to the AD server, so best to be clear with your IT guys as to what you are attempting & what you need to minimize frustration . This was a pretty quick overview, so if you have any questions feel free to drop a comment and i will be happy to help. You can also check out the great documentation @ php.net.

Related Posts:

1. Tutorial: iPhone twitter push notifications using Tweetie
2. How to setup a static route in OSX Leopard
3. Pick of the week: tripit.com