When discussing authentication mechanisms within an enterprise setting, two prevalent technologies often come into play:
LDAP (Lightweight Directory Access Protocol)
AD FS (Active Directory Federation Services) using SAML (Security Assertion Markup Language).
LDAP is a protocol used to access and manage directory services over a network. It provides a mechanism for clients to access a centralized directory database where information about users, groups, and other objects within an organization is stored. LDAP is highly regarded for its simplicity and effectiveness in handling directory searches and management operations.
AD FS (Active Directory Federation Services) is a feature of Windows Server that provides users with single sign-on (SSO) access to systems and applications located across organizational boundaries. AD FS uses SAML (Security Assertion Markup Language) to facilitate this process.
Check your domain : systeminfo | findstr /B /C:”Domain”
Uncomment ;extension=ldap in php.ini
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Login</title>
</head>
<body>
<h2>Login</h2>
<form action="authenticate.php" method="post">
<label for="username">Username:</label>
<input type="text" id="username" name="username" required><br><br>
<label for="password">Password:</label>
<input type="password" id="password" name="password" required><br><br>
<button type="submit">Login</button>
</form>
</body>
</html>
<?php
$ldap_host = "ldap://win-2019.mit.local"; // Use your actual domain controller's address
$ldap_port = 389; // Standard LDAP port, change to 636 for LDAPS if configured
// Connect to LDAP server
$ldap_connection = ldap_connect($ldap_host, $ldap_port);
if (!$ldap_connection) {
die('Could not connect to LDAP server.');
}
ldap_set_option($ldap_connection, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap_connection, LDAP_OPT_REFERRALS, 0);
// Assuming you have a user 'username' and 'password' for testing
$username = "chamara@mit.local"; // Specify the user's full UPN
$password = "4b5a-aca4-283cb4a06c1bR";
// Bind to LDAP server
$bind = @ldap_bind($ldap_connection, $username, $password);
if ($bind) {
echo "LDAP bind successful.";
} else {
echo "LDAP bind failed.";
}
ldap_unbind($ldap_connection); // Close the LDAP connection
?>