views:

15

answers:

1

I create a login form to bind to the ldap server, if successful, it creates a session (which the user's username is stored within), then I go to another page that has session_start(); and it works fine.

What I want to do now, is add code to test if that user is a member of a specific group.

So in theory, this is what I want to do

if(username session is valid) {
  search ldap for user -> get list of groups user is member of

  foreach(group they are member of) {
    switch(group) {
      case STAFF:
      print 'they are member of staff group';
      $access = true;
      break;

      default:
      print 'not a member of STAFF group';
      $access = false;
      break;
    }

    if(group == STAFF) {
     break;
    }

   }

   if($access == TRUE) {
    // you have access to the content on this page
   } else {
    // you do not have access to this page
   }
}

How do I do a ldap_search w/o binding? I don't want to keep asking for their password on each page, and I can't pass their password thru a session.

Any help is appreciated.

A: 

Best Practice would be to use a such library which does the necessary part.

http://sourceforge.net/projects/classldap/

http://sourceforge.net/projects/adldap/

streetparade
I am using adldap already, but I need to bind to it first before using user_groups(), and I don't want to keep asking the user to log into every page they go to, I am passing the session and can not pass the password thru the session.
Brad