Changes
Title
unchanged
How to use ldap in UserIdentity for authentication
Category
unchanged
Tutorials
Yii version
unchanged
Tags
changed
Authentication, LDAP
Content
changed
It took me a while to get ldap auth working with yii, so I write it down here, maybe it can be of some use.
Yii does not have a ldapn LDAP class by itself, but you can extend it for example with Zend classes. To authenticate users at you page via ldap, change protected/components/UserIdentity.php in the following way:
On top of the file add:
```php
Yii::import('application.vendors.*');
require_once('Zend/Ldap.php');
```
Deletits very easy to implement LDAP in the stock UserIdentity class.
To do so, open your protected/components/UserIdentity.php and remove or comment out everythingthe code in the authenticate() function. Then add
```php
$options = array(
'host' => 'your.ldap.host.com',
'username' => 'your_admin_users_username',
'password' => 'your_admin_users_password',
'baseDn' => 'your_base_dn',
'useStartTls' => true, # if you need startTls
);
$ldap = new Zend_Ldap($options);
try{
$method, before replacing it with this:
```php
$options = Yii::app()->params['ldap'];
$dc_string = "dc=" . implode(",dc=",$options['dc']);
$connection = ldap_connect($options['host']);
ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($connection, LDAP_OPT_REFERRALS, 0);
if($connection)
{
// Note: in general it is bad to hide errors, however we're checking for an error below
$bind = @ldap->_bind("cn=".$this->username.",your_base_dn", $this->password);
$auth=true;
}
catch (Exception $e){
$auth=false;
}
if($auth===true)
{
$connection, "uid={$this->username},ou={$options['ou']},{$dc_string}", $this->password);
if(!$bind) $this->errorCode = self::ERROR_PASSWORD_INVALID;
else $this->errorCode= = self::ERROR_NONE;
}
}
return !$this->errorCode;
```
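Review bot: In the added native bind, the DN string `"uid={$this->username},ou={$options['ou']},{$dc_string}"` interpolates the submitted username with no escaping, so a username containing DN metacharacters such as `,`, `=` or `+` changes which entry the bind targets. Pass it through `ldap_escape($this->username, '', LDAP_ESCAPE_DN)` (PHP 5.6+) before building the DN. The same call forwards `$this->password` unchecked: a bind that carries a DN and an empty password is an unauthenticated bind under RFC 4513, and many servers answer it with success, so `authenticate()` should set `ERROR_PASSWORD_INVALID` and return before binding when the password is empty. The `if($connection)` test also sits after the two `ldap_set_option` calls that already use the handle; move it directly under `ldap_connect`.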
For this to work you need Exception.php, Ldap.phpOnce you have done this, open up your configs/main.php file, and andd the Ldap folder from the library folder of a Zend installation in the folder protected/vendors/Zend
following to the 'params' array at the bottom of the file:
```php
'ldap' => array(
'host' => 'hostname',
'ou' => 'organisational-unit', // such as "people" or "users"
'dc' => array('example','com'),
),
```
Replace the host with the hostname of the LDAP server, ou with the organisational unit you want to authenticate against (most LDAP servers use a broad terminology, such as "people"), and dc with the base DN. (For example array("ucla","edu") // ucla.edu)
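Review bot: The new `'ldap'` params keep `host`, `ou` and `dc` but have no counterpart to the `'useStartTls' => true` option in the removed Zend options, and the new code goes from `ldap_connect($options['host'])` straight to the bind, so with a plain hostname the user's password crosses the network unencrypted. Add a TLS setting here and call `ldap_start_tls($connection)` before binding, failing authentication if it returns false, or state in the text that `host` must be an `ldaps://` URI.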