How can PHP developers ensure that LDAP authentication works for both admins and normal users?

To ensure that LDAP authentication works for both admins and normal users, PHP developers can create separate LDAP groups for admins and users, and then check the user's group membership during authentication. This way, admins can have access to certain resources or functionalities that regular users do not. 

// LDAP authentication for admins and normal users
$ldap_server = 'ldap://your-ldap-server';
$ldap_dn = 'cn=admin,dc=example,dc=com';
$ldap_password = 'admin_password';

$ldap_conn = ldap_connect($ldap_server);
ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3);

if (ldap_bind($ldap_conn, $ldap_dn, $ldap_password)) {
    $user_dn = 'uid=user,ou=users,dc=example,dc=com';
    $user_password = 'user_password';

    if (ldap_bind($ldap_conn, $user_dn, $user_password)) {
        $user_groups = ldap_get_values($ldap_conn, $user_dn, 'memberOf');
        
        if (in_array('cn=admins,ou=groups,dc=example,dc=com', $user_groups)) {
            // Admin user
            echo 'Welcome Admin!';
        } else {
            // Normal user
            echo 'Welcome User!';
        }
    } else {
        echo 'Invalid credentials for user';
    }
} else {
    echo 'LDAP bind failed';
}

ldap_close($ldap_conn);

Keywords

LDAP authentication PHP admins normal users

Related Questions