Difference between #4 and #8 of
How to use ldap in UserIdentity for authentication

Changes

Title unchanged

How to use ldap in UserIdentity for authentication

Category unchanged

Tutorials

Yii version unchanged

Tags changed

Authentication, LDAP

Content changed

It took me a while to get ldap auth working with yii, so I write it down here, maybe it can be of some use.
 
 
Yii does not have a ldapn LDAP class by itself, but you can extend it for example with Zend classes. To authenticate users at you page via ldap, change protected/components/UserIdentity.php in the following way:
 
 
On top of the file add:
 
 
```php 
Yii::import('application.vendors.*');
 
    require_once('Zend/Ldap.php');
 
```
 
 
Delet
its very easy to implement LDAP in the stock UserIdentity class.
 
 
To do so, open your protected/components/UserIdentity.php and remov
e or comment out everythingthe code in the authenticate() function. Then add
 
 
```php 
$options = array(
 
            'host'              => 'your.ldap.host.com',
 
            'username'          => 'your_admin_users_username',
 
            'password'          => 'your_admin_users_password',
 
            'baseDn'            => 'your_base_dn',
 
            'useStartTls'        => true, # if you need startTls
 
    );
 
    $ldap = new Zend_Ldap($options);
 
    try{
 
            $
method, before replacing it with this:
 
 
```php 
$options = Yii::app()->params['ldap'];
 
$dc_string = "dc=" . implode(",dc=",$options['dc']);
 
 
 
$connection = ldap_connect($options['host']);
 
ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3);
 
ldap_set_option($connection, LDAP_OPT_REFERRALS, 0);
 
 
 
if($connection)
 
{
 
    // Note: in general it is bad to hide errors, however we're checking for an error below
 
    $bind = @
ldap->_bind("cn=".$this->username.",your_base_dn", $this->password);
 
            $auth=true;
 
    }
 
    catch (Exception $e){
 
            $auth=false;
 
    }
 
    if($auth===true)
 
    {
 
           
$connection, "uid={$this->username},ou={$options['ou']},{$dc_string}", $this->password);
 
 
 
    if(!$bind) $this->errorCode = self::ERROR_PASSWORD_INVALID;
 
    else
$this->errorCode= = self::ERROR_NONE;     }
 
    
}
 
return !$this->errorCode; ``` For this to work you need Exception.php, Ldap.phpOnce you have done this, open up your configs/main.php file, and andd the Ldap folder from the library folder of a Zend installation in the folder protected/vendors/Zend
 
 
 
following to the 'params' array at the bottom of the file:
 
 
```php 
'ldap' => array(
 
    'host' => 'hostname',
 
    'ou' => 'organisational-unit', // such as "people" or "users"
 
    'dc' => array('example','com'),
 
),
 
```
 
 
Replace the host with the hostname of the LDAP server, ou with the organisational unit you want to authenticate against (most LDAP servers use a broad terminology, such as "people"), and dc with the base DN.  (For example array("ucla","edu") // ucla.edu)
11 0
18 followers
Viewed: 96 921 times
Version: 1.1
Category: Tutorials
Written by: BeerSerc
Last updated by: Navarr
Created on: Jan 26, 2010
Last updated: 10 years ago
Update Article

Revisions

View all history