I am trying to allow a user to access our intranet site using their Active Directory credentials. I'm new to all these authentication terms LDAP, NTLM and such, and I've never worked with AD before.
As far as I understand, LDAP is a protocol that can be used to talk to the AD server to authenticate a user based on the username and password. NTLM has something to do with the user's login to their Windows environment.
The question is: is there a way to have the browser pass the NTLM information to Apache (hosted in a Unix environment), have PHP read that information, and do a bind on LDAP to verify the credentials?
Following directions on this tutorial: http://siphon9.net/loune/2009/09/ntlm-authentication-in-php-now-with-ntlmv2-hash-checking/ I can get a windows login box popped up with
header('WWW-Authenticate: NTLM');
I was able to get the username, domain name, and workstation name from the NTLM auth message. But if I want to go ahead and authenticate the user, would I need to have the password to do an ldap_bind?
If I just do a form post and ask the user for their AD username and password that would be easy, but here I want to let the user use their Windows login (all users' workstations are in the AD and they are logged in through it).
If anyone can give me some pointers, it would be highly appreciated.
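To make concrete what the browser actually sends after `WWW-Authenticate: NTLM`, here is an added parser for the NTLM Type 3 (AUTHENTICATE_MESSAGE) structure, written in Python rather than PHP and not taken from the post or the linked tutorial. It shows that the message carries the domain, user and workstation names plus a challenge response, but never the password: the NtChallengeResponse can only be checked against the user's NT hash (or by the domain controller), so it cannot be fed to `ldap_bind`. The sample message and the values in it are constructed for the example.

```python
import struct

NTLMSSP_NEGOTIATE_UNICODE = 0x00000001  # strings are UTF-16LE when set, else OEM/ASCII


def _field(buf: bytes, pos: int) -> bytes:
    # Every variable-length field is a (Len, MaxLen, Offset) triple pointing into the payload
    length, _maxlen, offset = struct.unpack_from("<HHI", buf, pos)
    return buf[offset:offset + length]


def parse_type3(msg: bytes) -> dict:
    """Parse an NTLM AUTHENTICATE_MESSAGE as sent by the browser in the Authorization header
    (after base64 decoding). Field offsets follow MS-NLMP: LM response at 12, NT response at 20,
    domain at 28, user at 36, workstation at 44, session key at 52, NegotiateFlags at 60."""
    if msg[:8] != b"NTLMSSP\x00" or struct.unpack_from("<I", msg, 8)[0] != 3:
        raise ValueError("not an NTLM Type 3 message")
    flags = struct.unpack_from("<I", msg, 60)[0]
    enc = "utf-16-le" if flags & NTLMSSP_NEGOTIATE_UNICODE else "ascii"
    nt_resp = _field(msg, 20)
    return {
        "domain": _field(msg, 28).decode(enc),
        "user": _field(msg, 36).decode(enc),
        "workstation": _field(msg, 44).decode(enc),
        "lm_response_len": len(_field(msg, 12)),
        # NTLMv2: first 16 bytes are the HMAC-MD5 proof, the rest is the client blob.
        # Verifying this needs the NT hash, which a web server never holds.
        "nt_proof": nt_resp[:16].hex(),
        "ntlmv2": len(nt_resp) > 24,  # NTLMv1 responses are exactly 24 bytes
    }


def build_type3(domain: str, user: str, workstation: str, nt_response: bytes) -> bytes:
    """Build a minimal Type 3 message (constructed sample input; no Version or MIC fields)."""
    enc = "utf-16-le"
    parts = [b"", nt_response, domain.encode(enc), user.encode(enc), workstation.encode(enc), b""]
    header_len, fields, payload = 64, b"", b""
    for p in parts:
        fields += struct.pack("<HHI", len(p), len(p), header_len + len(payload))
        payload += p
    return (b"NTLMSSP\x00" + struct.pack("<I", 3) + fields
            + struct.pack("<I", NTLMSSP_NEGOTIATE_UNICODE) + payload)


# Constructed sample: a fake 16-byte proof followed by a 28-byte blob (NTLMv2 shape)
SAMPLE_NT_RESPONSE = bytes.fromhex("0123456789abcdef0123456789abcdef") + bytes(28)
SAMPLE_TYPE3 = build_type3("CORP", "alice", "WS01", SAMPLE_NT_RESPONSE)


def demo() -> dict:
    return parse_type3(SAMPLE_TYPE3)
```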