Active Directory setup

For this article, we used Windows Server 2008 and had set up pcqlinux.net as the domain. Assuming that you have already installed and set up Active Directory, let's create a user called 'Shekhar Govindarajan' in the directory. Click on Start>Administrative Tools>Active Directory Users and Computers. Right-click on Users, under the domain, and select New>User. Type in the following details:
First name: Shekhar
Last name: Govindarajan
User logon name: shekhar.govindarajan
Click on 'Next' and type in the password as pass@word2. Uncheck the box 'User must change password at next logon'. Click on 'Next' and then on 'Finish'. Right-click on the newly created user (found in the right pane) and select Properties. Under the General tab, type in shekhar.govindarajan@pcqlinux.net for Email. You may like to substitute all the above-mentioned details with your own.

Next we configure each of the above-mentioned open source products. Note that almost all these products can be installed on Windows too, but that is not required for the authentication. That is, you can deploy these products on Linux and they can authenticate with an Active Directory on Windows.

Also note that in many cases we will require the credentials of an Active Directory account that can bind to and search through the directory. We will be using the Administrator account, with the password pass@word1, for this purpose. In a real-world deployment, you must not use the Administrator account but create a low-privilege account for this purpose.
Authenticate your custom PHP app

Using adLDAP, you can authenticate any custom or home-made application against an Active Directory. Download adLDAP from http://adldap.sourceforge.net and extract the archive. You will find a file named adLDAP.php. Open this file in a text editor and make the following changes (as per the Active Directory setup):
var $_account_suffix = "@pcqlinux.net";
var $_base_dn = "CN=Users,DC=pcqlinux,DC=net";
var $_domain_controllers = array("ad.pcqlinux.net");
Note that for $_domain_controllers you will need to specify the IP address or the hostname (ad.pcqlinux.net in our case) of the Active Directory. Save the file. Now, in the login page (say login.php) of your PHP application, include the above file as:
include("adLDAP.php");
Next with the following code you can authenticate with the Active Directory:
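function authenticateWithAd($username, $password) {
    // Uses the suffix, base DN and domain controllers set in adLDAP.php
    $adLDAP = new adLDAP();
    // Binds to the directory as the given user
    $auth = $adLDAP->authenticate($username, $password);
    return $auth;
}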
The function will return 'true' if the authentication succeeds and 'false' otherwise.

Next we look at configuring existing open source products for Active Directory authentication. Many have built-in capability. Others require plugins or code modifications. We assume your familiarity with the product(s) and will be explaining only the authentication part.
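Returning to the authenticateWithAd() function above: the following is an added example, not code from the article or from adLDAP, showing checks a login page can run before credentials reach the directory bind. The names normalizeLogon, authenticateWithAdChecked and the $bind parameter are hypothetical, the allowed-character policy is an assumption, and the stand-in bind function is constructed so the logic runs without a domain controller.

```php
<?php
// Added example (not adLDAP code): pre-bind checks around authenticate().
const ACCOUNT_SUFFIX = '@pcqlinux.net'; // same value as $_account_suffix above

// Returns the bare logon name, or null if the input is not acceptable.
function normalizeLogon($username)
{
    $username = trim((string) $username);
    // adLDAP appends the suffix itself, so strip it if the user typed it.
    $len = strlen(ACCOUNT_SUFFIX);
    if (strlen($username) > $len
        && strcasecmp(substr($username, -$len), ACCOUNT_SUFFIX) === 0) {
        $username = substr($username, 0, -$len);
    }
    // Assumed naming policy: letters, digits, dot, underscore, hyphen.
    $ok = preg_match('/^[A-Za-z0-9._-]{1,64}$/', $username) === 1;
    return $ok ? $username : null;
}

// $bind is a hypothetical injection point: any callable taking
// ($username, $password) and returning true on a successful bind.
function authenticateWithAdChecked($username, $password, callable $bind)
{
    $logon = normalizeLogon($username);
    if ($logon === null) {
        return false;
    }
    // A simple bind with a name and an empty password is an
    // "unauthenticated bind" (RFC 4513, section 5.1.2), which a server
    // may report as success. Never pass it through.
    if (!is_string($password) || $password === '') {
        return false;
    }
    return call_user_func($bind, $logon, $password) === true;
}

// Constructed stand-in for the directory: it accepts every bind, which is
// the failure mode the empty-password check guards against.
$permissiveBind = function ($u, $p) { return true; };

var_dump(authenticateWithAdChecked(
    'shekhar.govindarajan@pcqlinux.net', 'pass@word2', $permissiveBind));
var_dump(authenticateWithAdChecked('shekhar.govindarajan', '', $permissiveBind));
var_dump(authenticateWithAdChecked('*)(cn=*', 'x', $permissiveBind));
```

In login.php, pass array(new adLDAP(), 'authenticate') as $bind in place of the stand-in.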
Copyright © CyberMedia India Online Ltd. All rights reserved. Usage of content from web site is subject to Terms and Conditions.