Using LDAP Authentication from Active4D
I recently needed a way to allow employees at my company to gain access to my application using their existing Active Directory username and password. Here's a brief description of my approach in the hope that it will help others.
The basic steps involved are:
- Prompt the user for their name and password using a standard form
- Pass the name and password to a 4D method that calls a php script which performs an LDAP lookup
- Based on the result from the php script, determine the appropriate action
Requirements
To make this work, you'll need the following:
- php installed on an accessible machine
- a php script which performs an LDAP lookup (auth.php)
- a 4D wrapper method which calls the php script (example below)
- a login page which prompts the user for username and password, and a post processing page which calls the script
Installing php
The first step in making this work is to get php installed and working. If you don't already have it, you can get it from php.net. It's free, and installation is simple. You'll need to enable the LDAP extension which is disabled in the default configuration. Open the php.ini file, search for 'ldap'. Uncomment the line 'extension=php_ldap.dll' by removing the semicolon at the beginning of the line. Save your changes. To test your installation, and see which version you're running, enter 'php -v' from your terminal window.
To try running a simple php script, enter:
php -r 'echo "hello world\n";'
The -r tells php to allow execution right from the command line, without the tags. More info can be found at http://php.net/features.commandline
Configure the LDAP Connection script
Now that php is working, test the LDAP Authentication script. Use the file auth.php as a starting point. You'll need to update the info inside the script to work with your particular LDAP server configuration. If you're not sure what settings to use, check with your friendly IT person.
To test the connection script, enter the following:
php auth.php 'username' 'password'
Where 'username' and 'password' contain actual values. The single quotes may be necessary if you have special characters in either string. You also need to be sure to specify the complete path to the script, or set your current working directory to the one which contains the script. If successful, you'll see the number "1" echoed to your terminal. If you get some other number (2 through 5), that means the script is working, but some error occurred during its execution.
Calling php from 4D
Now that you know the script is working, create a wrapper function to which you'll pass two parameters, namely username and password, and obtain a result back. You'll call this method from your Active4D script. It should look something like this:
`method: LDAP_Authorize (username: str; password: str) : result: str
C_TEXT($1;$2;$0)
$path:="C:\\php\\php -f \"D:\\Documents and Settings\\ddellaqu\\My Documents\\BCPv3\\scrip"+"ts\\auth.php\" "+$1+" "+$2
$input:=""
$output:=""
LAUNCH EXTERNAL PROCESS($path;$input;$output)
$0:=$output
You'll need to change the path to match the location of your php executable, and script, but everything else should remain the same.
Now all you need to do is call the above 4D method from Active4D, passing it a username and password, and testing what you get back to determine if the user provided valid credentials. If successful, you'll get a "1", otherwise you'll get an error result. Look inside the script to see the reason for the other possible values. It's up to you to decide how to handle errors in your own Active4D code.
I purposely left a lot of details out to encourage others to edit this wiki page!
Cheers!
Dave
Comments (0)
You don't have permission to comment on this page.