Difference between #5 and #7 of
How to use ldap in UserIdentity for authentication

Revision #7 has been created by Navarr on Jan 31, 2012, 5:57:06 PM with the memo:

fixed a typo, added "LDAP" tag
« previous (#5) next (#8) »

Changes

Title unchanged

How to use ldap in UserIdentity for authentication

Category unchanged

Tutorials

Yii version unchanged

Tags changed

Authentication, LDAP

Content changed

It took me a while to get ldap auth working with yii, so I write it down here, maybe it can be of some use.
 
 
Yii does not have a ldapn LDAP class by itself, but you can extend it for example with Zend classes. To authenticate users at you page via ldap, change protected/components/UserIdentity.php in the following way:
 
 
On top of the file add:
 
 
```php 
Yii::import('application.vendors.*');
 
    require_once('Zend/Ldap.php');
 
```
 
 
Deletits very easy to implement LDAP in the stock UserIdentity class.
 
 
To do so, open your protected/components/UserIdentity.php and remove or comment out everythingthe code in the authenticate() function. Then add
 
 
```php 
$options = array(
 
            'host'              => 'your.ldap.host.com',
 
            'username'          => 'your_admin_users_username',
 
            'password'          => 'your_admin_users_password',
 
            'baseDn'            => 'your_base_dn',
 
            'useStartTls'        => true, # if you need startTls
 
    );
 
    $ldap = new Zend_Ldap($options);
 
    trymethod, before replacing it with this:
 
 
```php 
$options = Yii::app()->params['ldap'];
 
$dc_string = "dc=" . implode(",dc=",$options['dc']);
 
 
 
$connection = ldap_connect($options['host']);
 
ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3);
 
ldap_set_option($connection, LDAP_OPT_REFERRALS, 0);
 
 
 
if($connection)
 
{         $$bind = ldap->_bind("cn=".$this->username.",your_base_dn", $this->password);
 
            $auth=true;
 
    }
 
    catch (Exception $e){
 
            $auth=false;
 
    }
 
    if($auth===true)
 
    {
 
           $connection, "uid={$this->username},ou={$options['ou']},{$dc_string}", $this->password);
 
 
 
    if(!$bind) $this->errorCode = self::ERROR_PASSWORD_INVALID;
 
    else $this->errorCode= = self::ERROR_NONE;     }
 
    }
 
return !$this->errorCode; ``` For this to work you need Exception.php, Ldap.phpOnce you have done this, open up your configs/main.php file, and andd the Ldap folder from the library folder of a Zend installation in the folder protected/vendors/Zend
 
 
 
following to the 'params' array at the bottom of the file:
 
 
```php 
'ldap' => array(
 
    'host' => 'hostname',
 
    'ou' => 'organisational-unit', // such as "people" or "users"
 
    'dc' => array('example','com'),
 
),
 
```
 
 
Replace the host with the hostname of the LDAP server, ou with the organisational unit you want to authenticate against (most LDAP servers use a broad terminology, such as "people"), and dc with the base DN.  (For example array("ucla","edu") // ucla.edu)
11 0
18 followers
Viewed: 90 335 times
Version: 1.1
Category: Tutorials
Tags: authentication, LDAP
Written by: BeerSerc
Last updated by: Navarr
Created on: Jan 26, 2010
Last updated: 10 years ago
Update Article
Revert to #5 | Revert to #7

Revisions

View all history