+ Post New Thread
Results 1 to 7 of 7
Web Development Thread, LDAP? What is It? why do I need it? How can I use it? in Coding and Web Development; I've noticed alot of web based programs harping on about LDAP and how I can make it so they use ...
  1. #1
    mossj's Avatar
    Join Date
    Dec 2008
    Location
    Leicester
    Posts
    1,466
    Thank Post
    157
    Thanked 189 Times in 174 Posts
    Rep Power
    52

    LDAP? What is It? why do I need it? How can I use it?

    I've noticed alot of web based programs harping on about LDAP and how I can make it so they use our AD Logins... Just one thing how?

    Most of our web based programs (MRBS, JOOMLA, GALLERY2, LIMESURVEY, WIKI) are based on a external host, but our exchange box is internal, using AD with a fixed IP so presumably this is what will serve the LDAP. So can I actually use LDAP?

    How do you do it, is it enabled by default? do I have to install something? Configure something? I've googled my a** off but can't find any of these basics

  2. #2

    Domino's Avatar
    Join Date
    Oct 2006
    Location
    Bromley
    Posts
    4,126
    Thank Post
    215
    Thanked 1,255 Times in 786 Posts
    Blog Entries
    4
    Rep Power
    505
    LDAP is lightweight directory authentication protocol, and it can be used to use active directory logons for a web app.

    Theres a apache add in to allow it to be used, however, if you're talking about getting your externally hosted apps authenticated with it you're out of luck.

    You'd need them to have access to your active directory structure on a domain controller, which you'd have to have a domain trust with your external provider to set up.

    For internal stuff you can certainly use it - have a look at some of the docs on setting subversion to use ldap auth to get a feel of whats involved with Apache.

  3. #3

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,568 Times in 1,250 Posts
    Rep Power
    340
    LDAP standards for Lightweight Directory Access Protocol and essentially allows applications to use SSO or Single Sign-On, so users use the same username and password as they would to logon to the domain.

    LDAP needs to be written into the code of the applications you're using to support it. You can in theory authenticate over the web, however this would mean you'd have to setup your server as public facing, so it'd have to be kept right up-to-date security wise and hosted behind a hardware firewall.

  4. #4

    Join Date
    Jul 2009
    Posts
    1
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    It's a way of accessing objects and attributes within a directory. For instance many organisations use LDAP as an address book (you probably store email addresses in your Active Directory or equivalent).

    Whilst you can perform LDAP connections over SSL (LDAPS) you'd be much better off hosting any LDAP integrated services internally.

  5. #5

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,341
    Thank Post
    624
    Thanked 1,584 Times in 1,421 Posts
    Rep Power
    414
    I wouldn't think you don't need a domain trust with an outside provider to use ldap only if they were using ntlm or similar to authenticate against your ad.

    LDAP looks up the username to see if it's valid and then tries to bind as that user if the bind is a success then the credentials are correct and valid.

    Ben

  6. #6

    powdarrmonkey's Avatar
    Join Date
    Feb 2008
    Location
    Alcester, Warwickshire
    Posts
    4,859
    Thank Post
    412
    Thanked 777 Times in 650 Posts
    Rep Power
    182
    A powdarrmonkey analogy: LDAP is like a big phone book; it hold all sorts of information for some type of object, like a user. It's extendable, so you can add your own fields, but it can enforce permission too.

  7. #7

    Join Date
    Aug 2005
    Location
    London
    Posts
    3,154
    Thank Post
    114
    Thanked 527 Times in 450 Posts
    Blog Entries
    2
    Rep Power
    123
    If you want externally hosted stuff to use LDAP to authenticate against your internal AD then you can use ADFS - brief excerpt:

    "By employing ADFS, organizations can extend their existing Active Directory infrastructures to provide access to resources that are offered by trusted partners across the Internet. These trusted partners can include external third parties or other departments or subsidiaries in the same organization.
    ADFS is tightly integrated with Active Directory. ADFS retrieves user attributes from Active Directory, and it authenticates users against Active Directory. ADFS also uses Windows Integrated Authentication."

SHARE:
+ Post New Thread

Similar Threads

  1. Help with MRBS and LDAP
    By bonjour in forum Network and Classroom Management
    Replies: 11
    Last Post: 8th October 2009, 08:23 AM
  2. LimeSurvey and AD LDAP
    By TechMonkey in forum Web Development
    Replies: 1
    Last Post: 1st June 2009, 02:13 PM
  3. LDAP
    By Hightower in forum How do you do....it?
    Replies: 10
    Last Post: 20th June 2008, 12:28 AM
  4. GLPI - Ldap
    By j17sparky in forum Web Development
    Replies: 14
    Last Post: 29th October 2007, 04:22 PM
  5. ldap on php
    By browolf in forum Web Development
    Replies: 11
    Last Post: 8th May 2007, 09:33 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •