Symfony user authentication using Active Directory

Question

Is there a way to authenticate users in symfony apps using Active Directory? Can you please point out some documentation?

edit

What i need is to have a transparent login in my application. The user authenticates once at windows logon, then all applications should be accessed with the same credentials without being asked for the domain\username and password again.

I tried the following in a simple php script:

if (!isset($_SERVER['PHP_AUTH_USER'])) {
  header('WWW-Authenticate: Basic realm="my realm"');
  header('HTTP/1.0 401 Unauthorized');
  exit;
} else {
  echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>";
  echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>";
}

but then i get the authentication form popped up. Is there any way to pass the header the credentials used at windows logon?

Thanks, Radu.

Answer 1

You can do that by writing your own authentication callable for sfDoctrineGuardPlugin (if you're using Doctrine). I'll quote plugins' README here:

Check the user password with an external method

If you don't want to store the password in the database because you already have a LDAP server, a .htaccess file or if you store your passwords in another table, you can provide your own checkPassword callable (static method or function) in app.yml:

all:
  sf_guard_plugin:
    check_password_callable: [MyLDAPClass, checkPassword]

When symfony will call the $this->getUser()->checkPassword() method, it will call your method or function. Your function must takes 2 parameters, the first one is the username and the second one is the password. It must returns true or false. Here is a template for such a function:

function checkLDAPPassword($username, $password)
{
  $user = LDAP::getUser($username);
  if ($user->checkPassword($password))
  {
    return true;
  }
  else
  {
    return false;
  }
}

Answer 2

You could give the bhLDAPAuthPlugin a try?