How to use ldap in UserIdentity for authentication


Yii does not have an LDAP class itself, but it's very easy to implement LDAP authentication in the stock UserIdentity class.

To do so, open your protected/components/UserIdentity.php and remove or comment out the code in the authenticate() method, before replacing it with this:

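$options = Yii::app()->params['ldap'];
$dc_string = "dc=" . implode(",dc=",$options['dc']);
 
// An empty password must never reach ldap_bind(): a DN with no password is an
// unauthenticated bind, which servers that permit it answer with success.
if($this->password === null || $this->password === '')
{
    $this->errorCode = self::ERROR_PASSWORD_INVALID;
    return false;
}
 
$connection = ldap_connect($options['host']);
 
if($connection)
{
    ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($connection, LDAP_OPT_REFERRALS, 0);
 
    // Escape DN metacharacters in the user-supplied name (ldap_escape needs PHP >= 5.6).
    $uid = ldap_escape($this->username, '', LDAP_ESCAPE_DN);
    // ldap_bind() raises a PHP warning on failure; suppress it and use the return value.
    $bind = @ldap_bind($connection, "uid={$uid},ou={$options['ou']},{$dc_string}", $this->password);
 
    if(!$bind) $this->errorCode = self::ERROR_PASSWORD_INVALID;
    else $this->errorCode = self::ERROR_NONE;
}
return !$this->errorCode;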

Once you have done this, open up your configs/main.php file, and add the following to the 'params' array at the bottom of the file:

'ldap' => array(
    'host' => 'hostname',
    'ou' => 'organisational-unit', // such as "people" or "users"
    'dc' => array('example','com'),
),

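Replace host with the hostname of the LDAP server, ou with the organisational unit you want to authenticate against (most LDAP servers use a broad term, such as "people"), and dc with the components of the base DN (for example, array("ucla","edu") for ucla.edu). ldap_connect() also accepts a full URI, so an ldaps:// URI can be given as the host to keep the bind password from crossing the network in clear text.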
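The bind check above can also be written as a standalone function that covers the failure modes a practitioner would care about: empty passwords, DN metacharacters in the username, an unencrypted session, and a server outage being reported as a wrong password. This is an added example, not part of the original wiki article; ldapCheckCredentials() and its return strings are hypothetical names, and it assumes PHP >= 5.6 with the ldap extension and a server that supports StartTLS.

```php
<?php
// Added example, not the wiki author's code. ldapCheckCredentials() is a
// hypothetical helper; $options has the same shape as params['ldap'] above.
function ldapCheckCredentials(array $options, $username, $password)
{
    // A bind with a DN and an empty password is an "unauthenticated bind";
    // servers that allow it answer success, so refuse it before connecting.
    if (!is_string($username) || $username === '' ||
        !is_string($password) || $password === '') {
        return 'invalid';
    }

    $connection = ldap_connect($options['host']);
    if (!$connection) {
        return 'unavailable';
    }
    ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($connection, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($connection, LDAP_OPT_NETWORK_TIMEOUT, 5); // seconds

    // Encrypt the session before the password is sent. An ldaps:// URI is
    // already encrypted, so StartTLS is only needed for plain ldap.
    if (stripos($options['host'], 'ldaps://') !== 0 && !@ldap_start_tls($connection)) {
        return 'unavailable';
    }

    // Escape DN metacharacters (",", "+", "=", ...) in the user-supplied value
    // so it cannot change which entry the bind DN points at.
    $uid = ldap_escape($username, '', LDAP_ESCAPE_DN);
    $dn = "uid={$uid},ou={$options['ou']},dc=" . implode(',dc=', $options['dc']);

    if (@ldap_bind($connection, $dn, $password)) {
        ldap_unbind($connection);
        return 'ok';
    }
    // 49 = invalidCredentials. Any other code (server down, TLS problem) is
    // not the user's fault and should not be logged as a wrong password.
    $status = ldap_errno($connection) === 49 ? 'invalid' : 'unavailable';
    ldap_unbind($connection);
    return $status;
}

// Inside UserIdentity::authenticate():
//   $status = ldapCheckCredentials(Yii::app()->params['ldap'], $this->username, $this->password);
//   $this->errorCode = $status === 'ok' ? self::ERROR_NONE : self::ERROR_PASSWORD_INVALID;
//   return !$this->errorCode;   // log 'unavailable' separately so outages are visible
```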

Total 4 comments

#7218
WebDevPT at 2012/03/05 11:30am
Thank you very much

I was just looking for this and this worked like a charm!

Thank you.

#2158
mmezo at 2010/11/19 11:30am
Why not use php ldap internal functions instead of zend's?

If it is just for validation you can as well use the native LDAP functions of PHP without having to download/extract classes from another framework (and without exposing the admin passwd of the LDAP server).

I have something along the lines of the following (wrapped conveniently in a try/catch block in case the LDAP connection cannot be established) working for about 1 year with no problem:

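// Reject empty passwords: a bind with a DN and no password is an
// unauthenticated bind, which servers that permit it answer with success.
if ($this->password === null || $this->password === '') {
   $this->errorCode=self::ERROR_PASSWORD_INVALID;
   return false;
}
$ds=ldap_connect($serverURL);
if ($ds) {
   ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
   ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
   // Escape DN metacharacters in the user-supplied name (PHP >= 5.6).
   $uid=ldap_escape($this->username, '', LDAP_ESCAPE_DN);
   $r=ldap_bind($ds,"uid=$uid,ou=Users,dc=example,dc=com",$this->password);
   if (!$r) {
      $this->errorCode=self::ERROR_PASSWORD_INVALID;
   } else {
      $this->errorCode=self::ERROR_NONE;
   }
}
return !$this->errorCode;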

#82
iqbalsyamsu at 2010/09/21 02:25am
okay

Yes, it works. FYI, LDAP server configuration may vary; I use uid instead of cn.

$ldap->bind("uid=".$this->username.",ou=People,dc=blahblah,dc=com", $this->password);

thanks!

#212
csdaraujo at 2010/08/06 06:35pm
adLDAP

You guys should take a look at this: http://adldap.sourceforge.net/

I've done the same thing with 6 lines of code. Couldn't be simpler! :)
