28 lines
978 B
PHP
28 lines
978 B
PHP
<?php
|
|
$realm = "MY REALM HERE";
|
|
$ldaphost = "my.ldap.host";
|
|
$ldaptls = "yes";
|
|
$ldapbase = "dc=my,dc=server,dc=com";
|
|
$checkuser = "cn";
|
|
function basicAuth() {
|
|
header('WWW-Authenticate: Basic realm="'.$realm.'"');
|
|
header('HTTP/1.0 401 Unauthorized');
|
|
exit;
|
|
}
|
|
if (!isset($_SERVER['PHP_AUTH_USER'])) {
|
|
basicAuth();
|
|
} else {
|
|
$tstusername = preg_replace('/[^a-z]/', '-', $_SERVER['PHP_AUTH_USER']);
|
|
$password = $_SERVER['PHP_AUTH_PW'];
|
|
$ldapconn = ldap_connect($ldaphost, 389)
|
|
or error_die("connection to LDAP host failed");
|
|
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3)
|
|
or error_die("failed to set LDAP protocol version 3");
|
|
if ($ldaptls!="no" && $ldaptls!=0 && $ldaptlS)
|
|
ldap_start_tls($ldapconn)
|
|
or error_die($ldapconn, "cannot start LDAP TLS");
|
|
$ldapbind = @ldap_bind($ldapconn, $checkuser.'='.$tstusername.','.$ldapbase, $password)
|
|
or basicAuth();
|
|
$username = $tstuserbname;
|
|
}
|
|
?>
|