Is automatic LDAP authorization possible?

D

dake12312015-06-08 08:33:06

PHP

dake1231, 2015-06-08 08:33:06

Hello! Is it possible to authorize the client automatically when the site starts, provided that it is in the domain? That is, a person sits down at a computer, enters windows, through his AD login and password, launches a browser and immediately gets to the main part of the site without authorization. If so, how? What is the scheme of work?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

I

Igor, 2015-06-08
@merryjane

mod_ntlm definitely works for example with the default Bitrix.
The scheme is simple, a linux server with a website is entered into the domain via samba + kerberos. The ntlm module is added to Apache. If you are interested in the details, download the Bitrix virtual machine and take a look. There there are scripts all this adjusting on the minimum input data.

A

Andrey Mokhov, 2015-06-08
@mokhovcom

banned in google chtol?

G

Gregory, 2015-06-08
@difiso

There is mod_authnz_ldap for apache.
At apache, information about the user is passed through environment variables. You just have to load it into the session.
I found nginx nginx-ldap-auth or similar. How it works I don't know.