
Possible Duplicate:
Using windows authentication with php?

I built a PHP intranet web application that allows users to show their information stored in Active Directory.

My application works perfectly, but before the user can see his info he has to log in using his Windows credentials.

I want to auto-authenticate the user against Active Directory using the Windows credentials that he entered when he logged in to Windows.

I successfully got the username of the current user using NTLM, which is described in this article: http://siphon9.net/loune/2007/10/simple-lightweight-ntlm-in-php/

I know that I have to use LDAP to retrieve user attributes from AD.

I know how to do that, but the problem is:

I need the current user's password to use it in the @ldap_bind function.

Is there any way to retrieve the password of the current user?

I am working on Windows 7, and I am using Apache 2.2 and PHP 5.

Thank you in advance.

code

1 Answer


No, you can't get a user's password from Active Directory. If that were possible, then any program could get your password, and then change it.

If you want to query Active Directory without asking for a password, you have some options.

  1. I don't know how to do this in PHP, but with IIS you can use integrated Windows authentication and delegation. This is difficult to set up.

  2. Since all you're doing is querying, just make an account for the website that doesn't have any special rights. Use this hardcoded password.

  3. Enable anonymous access to Active Directory. This would allow you to use null for the username and password. Best practices say not to do this though.

Sean Hall
  • Thank you for the reply. Do you mean that I can use @ldap_bind with the username and password of a dummy user, which is different from the one that I am looking for using ldap_search? – code Dec 22 '12 at 14:53
  • Thank you very much. I followed point #2 and it is working well now :) – code Dec 23 '12 at 08:12
  • Now I have a login pop-up window that appears when I access the application. I actually prefer to auto-authenticate the user, but it is not a big problem. The problem happens when the user enters wrong credentials. It allows him to access the application with "Undefined index" everywhere! How can I prevent non-real users from accessing the application? – code Dec 23 '12 at 08:33
  • @code The pop-up window is because the browser can't or won't forward the existing credentials. You should be able to google that. Your NTLM code should be able to tell whether valid credentials were sent. I see in your link, there's a link at the bottom for updated code. – Sean Hall Dec 23 '12 at 13:22
  • Emmm... @Hall72215, I understood you. Thank you again for your reply. I saw the link at the bottom, but I do not know how to use this code to check the username and password from the central AD instead of the local DB? – code Dec 24 '12 at 05:35
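
Option 2 from the answer, written out as an added PHP example (not code from the question, the answer or the linked NTLM article): bind as a read-only service account, then search for the NTLM-supplied username with the LDAP filter escaped. The host, base DN, service account DN, the `AD_BIND_PASSWORD` environment variable (used here instead of a password in the source file) and the username pattern are assumptions, and `ldap_escape()` needs PHP 5.6 or later.

```php
<?php
// Added example: every host, DN and variable name below is a placeholder.
const AD_URI     = 'ldaps://dc.example.internal';
const AD_BASE_DN = 'DC=example,DC=internal';
const AD_BIND_DN = 'CN=svc-intranet,OU=Service Accounts,DC=example,DC=internal';

// Build the search filter for one account. ldap_escape() neutralises the
// filter metacharacters * ( ) \ so the user name cannot widen the query.
function buildUserFilter($samAccountName)
{
    // Conservative pattern (an assumption; adjust to your naming policy).
    if (!preg_match('/^[A-Za-z0-9._$-]{1,20}$/', $samAccountName)) {
        throw new InvalidArgumentException('Unexpected user name format');
    }
    return '(&(objectCategory=person)(objectClass=user)(sAMAccountName='
        . ldap_escape($samAccountName, '', LDAP_ESCAPE_FILTER) . '))';
}

function lookupUser($samAccountName, array $attributes)
{
    $conn = ldap_connect(AD_URI);
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // Bind as the low-privilege service account, never as the end user.
    // An empty password would turn this into an unauthenticated bind.
    $password = getenv('AD_BIND_PASSWORD');
    if ($password === false || $password === '' || !@ldap_bind($conn, AD_BIND_DN, $password)) {
        throw new RuntimeException('Service account bind failed');
    }
    $result  = ldap_search($conn, AD_BASE_DN, buildUserFilter($samAccountName), $attributes);
    $entries = $result ? ldap_get_entries($conn, $result) : array('count' => 0);
    ldap_unbind($conn);

    // Exactly one match is required; zero or several means "no such user".
    return $entries['count'] === 1 ? $entries[0] : null;
}

// Usage, once the NTLM handler has verified the credentials and set $ntlmUser:
//   $user = lookupUser($ntlmUser, array('displayName', 'mail'));
//   if ($user === null) { http_response_code(403); exit; }
```

A `null` result should end the request rather than render the page, which is the case the "Undefined index" comment above describes.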