Difference between #1 and #8 of
How to use ldap in UserIdentity for authentication

Changes

Title changed

How to use ldap in UserIdentity for authentication

Category unchanged

Tutorials

Yii version unchanged

Tags changed

Authentication, LDAP

Content changed

It took me a while to get ldap auth working with yii, so I write it down here, maybe it can be of some use.
 
 
Yii does not have a ldapn LDAP class by itself, but you can extend it for example with Zend classes. To authenticate users at you page via ldap, change protected/components/UserIdentity.php in the following way:
 
 
On top of the file add:
 
 
    Yii::import('application.vendors.*');
 
    require_once('Zend/Ldap.php');
 
 
Deletits very easy to implement LDAP in the stock UserIdentity class.
 
 
To do so, open your protected/components/UserIdentity.php and remove or comment out everythingthe code in the authenticate() function. Then add
 
 
    $options = array(
 
            'host'              => 'your.ldap.host.com',
 
            'username'          => 'your_admin_users_username',
 
            'password'          => 'your_admin_users_password',
 
            'baseDn'            => 'your_base_dn',
 
            'useStartTls'        => true, # if you need startTls
 
    );
 
    $ldap = new Zend_Ldap($options);
 
    try{
 
            $method, before replacing it with this:
 
 
```php 
$options = Yii::app()->params['ldap'];
 
$dc_string = "dc=" . implode(",dc=",$options['dc']);
 
 
 
$connection = ldap_connect($options['host']);
 
ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3);
 
ldap_set_option($connection, LDAP_OPT_REFERRALS, 0);
 
 
 
if($connection)
 
{
 
    // Note: in general it is bad to hide errors, however we're checking for an error below
 
    $bind = @ldap->_bind("cn=".$this->username.",your_base_dn", $this->password);
 
            $auth=true;
 
    }
 
    catch (Exception $e){
 
            $auth=false;
 
    }
 
    if($auth===true)
 
    {
 
           $connection, "uid={$this->username},ou={$options['ou']},{$dc_string}", $this->password);
 
 
 
    if(!$bind) $this->errorCode = self::ERROR_PASSWORD_INVALID;
 
    else $this->errorCode= = self::ERROR_NONE;     }
 
    }
 
return !$this->errorCode;
 
For this to work you need Exception.php, Ldap.php```
 
 
Once you have done this, open up your configs/main.php file, and andd the Ldap folder from the library folder of a Zend installation in the folder protected/vendors/Zend
 
 
 
following to the 'params' array at the bottom of the file:
 
 
```php 
'ldap' => array(
 
    'host' => 'hostname',
 
    'ou' => 'organisational-unit', // such as "people" or "users"
 
    'dc' => array('example','com'),
 
),
 
```
 
 
Replace the host with the hostname of the LDAP server, ou with the organisational unit you want to authenticate against (most LDAP servers use a broad terminology, such as "people"), and dc with the base DN.  (For example array("ucla","edu") // ucla.edu)
11 0
18 followers
Viewed: 90 283 times
Version: 1.1
Category: Tutorials
Tags: authentication, LDAP
Written by: BeerSerc
Last updated by: Navarr
Created on: Jan 26, 2010
Last updated: 10 years ago
Update Article
Revert to #1 | Revert to #8

Revisions

View all history