I am developing a simple site in PHP to enable some users to do some specific tasks. My goal is to achieve role-based authorization for the users, and they should see different pages according to their LDAP group membership. This is how I'm trying to implement it:
1) use php-ldap library functions to connect to the LDAP server
2) extract the dn of the group name and username by ldapsearch from the user base dn and group base dn
3) search for the "memberOf" attributes in the user entry and match them with the group dn. Return true if matched
4) Search for the "member" attributes in the group entry and match them with the user dn. Return true if matched.
So far I have tested this against an OpenLDAP server and it seems to be working; however, I want the script to work against other directory servers like ApacheDS, Active Directory and 389ds. As I don't have access to multiple directory servers, I want some advice on whether these steps will work on other directory servers or not. Any help regarding this will be appreciated. Thanks in advance.
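
An added example, not part of the original post: steps 3 and 4 as one fail-closed PHP check that compares DNs after normalisation, since servers may return the same DN with different case or spacing. It goes beyond the post by also checking `uniqueMember`; the function names, the simplified DN normalisation and the sample entries are assumptions made for illustration.

```php
<?php
// Constructed entries below use the array shape of ldap_get_entries():
// lower-cased attribute names, each value list carrying a 'count' element.

// Simplified DN normalisation (assumption: case-insensitive RDN values,
// no multi-valued "+" RDNs): trim around separators and lower-case.
function normalizeDn(string $dn): string {
    $out = [];
    foreach (preg_split('/(?<!\\\\),/', $dn) as $rdn) { // unescaped commas only
        [$attr, $value] = array_pad(explode('=', $rdn, 2), 2, '');
        $out[] = strtolower(trim($attr)) . '=' . strtolower(trim($value));
    }
    return implode(',', $out);
}

// Values of one attribute without the 'count' element.
function attrValues(array $entry, string $attr): array {
    $vals = $entry[strtolower($attr)] ?? [];
    unset($vals['count']);
    return array_values($vals);
}

function isMemberOfGroup(array $user, array $group): bool {
    $userDn = normalizeDn($user['dn']);
    $groupDn = normalizeDn($group['dn']);
    // Step 3: memberOf on the user entry (absent if the server does not maintain it).
    foreach (attrValues($user, 'memberOf') as $dn) {
        if (normalizeDn($dn) === $groupDn) { return true; }
    }
    // Step 4: member (groupOfNames, AD groups) or uniqueMember (groupOfUniqueNames).
    foreach (['member', 'uniqueMember'] as $attr) {
        foreach (attrValues($group, $attr) as $dn) {
            if (normalizeDn($dn) === $userDn) { return true; }
        }
    }
    return false; // fail closed: no match means no role
}

// Constructed sample data: the user entries carry no memberOf attribute, and
// the group lists its member with different case and spacing.
$alice = ['dn' => 'uid=alice,ou=People,dc=example,dc=com'];
$bob   = ['dn' => 'uid=bob,ou=People,dc=example,dc=com'];
$admins = ['dn' => 'cn=admins,ou=Groups,dc=example,dc=com',
    'member' => ['count' => 1, 0 => 'UID=Alice, OU=people, DC=example, DC=com']];
var_dump(isMemberOfGroup($alice, $admins));
var_dump(isMemberOfGroup($bob, $admins));
```

Checking both directions matters for portability: a user entry may carry no `memberOf` values at all, in which case only the group-side lookup in step 4 can confirm membership.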