I've come across a few questions regarding integrating user authentication via LDAP Active Directory server to a company website. The website is mainly used internally to give secure access to files/PDFs. The site is accessible outside our network, as certain customers also need to be able to view/upload files for their orders and verification. We do have an SSL cert in place for secure access to the site, for internal and external.
At this time, the site uses PHPass for password handling, while storing user information in an MS SQL Server database. Users who need access to the site are added to this database, with account level registered and phpass handling the password aspect. This method is pretty secure, and works fine for current usage (internal employees, segregated data for outside customers). However it also introduces more points of failure for the entire system. IE: Additional passwords for users to remember (or forget) and additional account management overhead for the admin.
In planning to streamline the authentication for the site, I've been tasked with integrating Active directory user information to be be utilized for login. This will work fine for the employees of our company, because they already have an AD account. However, this will not work for outside vendors or customers, because they do NOT have an AD account (and should not) to authenticate against.
This leads me to believe the easiest solution is to have a 'main' form of authentication (against AD) and a fallback against the already created SQL user DB. Users who come back as in AD, use those credentials, else search the SQL DB for the user (which would contain any non AD accounts we needed).
Questions:
- Is the above outlined method of verification a logical and secure plan?? If not, what should I be doing instead?
- How does one secure against LDAP attack/brute force?
- In PHP/SQL, utilizing parameterized/typecast queries, account lockouts/timeouts, generic error messages, proper password hashing methods, etc - add up for securing the database and forced login attempts
- For ldap_bind, username and password are sent across network to LDAP server in the clear??
- As this login is for the entire network, how can I ensure my login/site is NOT the weakest link of security, or causing undue ease of access to password information?
Note: This was posted on StackOverflow and not ServerFault, because my issue is with programming the PHP website for security. My question relates foremost to the website access, restriction, and permission issues of user login WHILE authenticating to AD or backup database.