I am working on a project for a university. The University requires that all use login/information be stored in LDAP and retrieved via PHP. Normally I would just bind the LDAP connection with the credentials the user entered (so the individual user's username and password), however now I am required to authenticate their usernmae/password with LDAP, and then re-bind the connection with an "authorized account" username and password supplied by the department, and then perform the LDAP search from the authenticated account.
Basically I need to use the user's login/password just to ensure they exist in LDAP. If they are, then we must switch to a different account username/password to perform the LDAP search fro the user's information.
How would I do this? I have no idea how to re-bind in this manner but still perform the proper search on the user.
EDIT: is rebinding an LDAP account as simple as including a 2nd bind statement after the first? ex;
if (!($bind=@ldap_bind($connect, "uid=".$username.",ou=*****,dc=***,dc=edu", "$password")))
{
ldap_close($connect);
echo "there was an error binding your LDAP account.";
}
else // else we have binded to the ldap connection as the user, we must re-bind as the authorized account
{
if (!($bind=@ldap_bind($connect, "uid=".$authUN.",ou=******,dc=***,dc=edu", "$authPW")))
{
ldap_close($connect);
echo "There was a problem binding to the authorized account.";
}
else // now we have binded with the authenticated account
{
echo "success!";
}
}
..and then I would just perform the search normally via ldap_search()?
