You are here: Re: [PHP] LDAP and .htaccess « PHP « IT news, forums, messages
Re: [PHP] LDAP and .htaccess

Posted by Kenny Austin on 04/27/05 21:31

Bret Walker wrote:
> Hello all-
>
> I am looking for a way to protect a directory's contents by
> authenticating against Active Directory via LDAP. I currently have a
> nice little php script that tries to bind to LDAP via a username and
> password entered in a form. If it fails to bind, the user is denied
> access. If it succeeds in binding, it then checks to make sure the user
> is part of a specified group. It works wonderfully, but the problem
> I've run in to (obviously) is that the plain files (.pdf, images, etc)
> are not protected in any manner.
>
> I know you can use php to authenticate against a .htaccess file, and
> that you can use mod_auth_ldap (I'm using apache 1.3) to authenticate
> against LDAP. I would like to avoid using mod_auth_ldap if possible
> because it requires credentials to be stored in it, thus making the code
> less portable and more insecure.
auth_ldap doesn't require credentials to be stored in the .htaccess
file or anywhere else. It can work the same way as you described your
php login page (even supports group lookups).

> Is there any way to use some type of php trickery to protect all of the
> contents of a given directory?
store the files outside of the directory and use something like
"download.php?file=readme.txt" to serve them.

Kenny

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация