I am working on a website in PHP with a simple user authentication and CRUD with an LDAP. I have set rules in my AD to specify which groups can or cannot edit other groups and which attributes can edit users.
The problem is, after successfully binding the user to the AD and redirecting to another page, the session previously bound is gone.
Just after the authentication and before the redirection, the function ldap_exop_whoami() returns the DN of the user to me. But, after a redirection, it returns nothing.
I read on another post that "PHP LDAP doesn't support persistent connections." and this has been the only information about this that I was able to find.
I need to keep the user session for user CRUD.
For example, if a user wants to edit their password or their first name, ldap_mod_replace() will return "Insufficient access", surely because without a proper session, the LDAP might have tried an anonymous bind.
Is it normal that I cannot create a simple user CRUD because of this behavior?
For now, I see 2 solutions which aren't really security friendly.
The first would be to store the user authentication information and bind on each page.
The second would be to log in as an admin each time there is an update. This is also wrong for security reasons, and it bypasses all the AD configuration concerning user editing.
Am I supposed to work with this behavior? Maybe I should use a library or something? I'm a bit lost and all of my "solutions" aren't really good, so if anyone has a hint or an idea, I'll take it gladly.
Thanks.