New LDAP Library!

[eluser]Iverson[/eluser]
Like most companies, the large corporation I work for uses Windows and AD for all of their user accounts, etc. Well when the web guys that were here before me would make internal web apps for the company, they would always set up new user database. So naturally when I got here, I said “wtf?”. There’s no reason to have 10 different usernames floating around, so I started authenticating against our LDAP server. Once I began doing this over and over, I decided to just make it a simple header. Check it out! This library gives you almost complete functionality on Active Directory.

- Add users
- Edit users
- Add groups
- Add users to groups
- Authenticate against LDAP servers
- Get all users
- And more!

[Mod edit: removed download links due to licensing issues]

[eluser]gullah[/eluser]
Nice work. I'm really impressed by this and I might be putting this too good use in the near future.

[eluser]Pascal Kriete[/eluser]
Incredible.

I used to work as an Administrator on a bunch of servers that all connected to a central LDAP. The online interface was a nightmare (I wasn't responsible ). This is exactly the kind of library I would look for if I were tasked to rewrite it. Stellar work.

[eluser]cahva[/eluser]
Looks interesting. I work in a hosting company and we are moving towards LDAP authentication for all our servers(+30 servers with unix + mysql + puredb authorization=real mess). This could come real handy for our administration. Sorry if this is a dumb question but is this only for active directory? I checked the source a little and got the impression that it would need some tweaking for our LDAP system(well we havent exactly done the final schema yet for our system so things will change).

I personally just sank my teeth into the world of LDAP and I'm really just experimenting and learning to do things with LDAP(thats why I asked about Active directory). I did a simple admin using Pear_LDAP2 just to see how LDAP behaves with PHP but it would be über cool to get things working within CI

[eluser]Iverson[/eluser]
Yeah. I'm trying to get everything I need loaded into CI!
I work for a big IT corporation that uses AD for <b>EVERYTHING</b>. I'm the web developer there so for all my web apps that need a user login, the previous web guy was creating new user databases. What an a**! You know how much people hate having more than login for different web apps? I'm in love with LDAP authentication! lol... Next step...SEAMLESS AUTHENTICATION!

[eluser]Milos Dakic[/eluser]
Another wonderful peace of code to be added to the company project. At work they use AD and they have a massive web system but it has its own account database.

How would you recomend to handle different user permissions? As there are about 25+ emoployees that have very different persmissions within the system. Would you use AD for main authentication then separate the permissions in a different database?

[eluser]wiredesignz[/eluser]
Awesome work Iverson, I will also have use for this in the near future. Thanks.

[eluser]Iverson[/eluser]
[quote author="Milos Dakic" date="1226737528"]How would you recomend to handle different user permissions? As there are about 25+ emoployees that have very different persmissions within the system. Would you use AD for main authentication then separate the permissions in a different database?[/quote]

What would your permissions be used for? Access? If you're trying to get access based on a user, I think this is more of an IT issue. The way our IT guys have it set up is that everybody is in a group. You can use "user_ingroup()" to check that. Users shouldn't have permissions specified by user. They should be by groups. Even if the the group only has one user. I'm not the most knowledgeable when it comes to IT so that's just my take on it.

[eluser]ray73864[/eluser]
you are correct on that assumption Iverson, you should be putting users into groups and applying permissions to those groups, so you might have a group called 'WEB_FORUM_MOD' which might have jbloggs and jcitizen as members of it, which would mean that those 2 can moderate the companies forums for instance.

also, seemless authentication isn't an easy task, i have been looking for a way to do seamless authentication for years with PHP and AD, unfortunately the only ways i have found has been setting environment variables on the machine when the user logs on and all that, a PHP website itself can't actually determine who is currently logged onto the machine.

[eluser]Milos Dakic[/eluser]
@Iverson: Thanks heaps for the reply. Makes sense now. I think currently the company has it as groups but also per user? I'll have to look into it more once everything is getting planned.

@ray73864: Isn't there something that send to the server what the user of the PC is? Even if its just a username, wouldn't that be enough? E.g. John logs in > opens browser > PHP detects username with IP (we use IP based authentication as there are certain parts we don't want accessible from outside of the company) > PHP authenticates and allows access.