Logging user to LDAP directory under Yii

On certain systems and LDAP configurations you are required to use two-step login approach. It goes like this:

  1. Bind anonymously, by specifying only $bind = @ldap_bind($connection);.
  2. ldap_search for a given username. Search will return you a valid user's DN (or NULL, if user does not exist).
  3. Using returned LDAP call another ldap_bind, this time attempting to actually login user.

Thus, in this approach you are not constructing your own DN, but relying on returned one instead.

Leave a Reply