For an intranet website. I have considered using Active Directory, LDAP, queried via PHP for security. That is I would query AD for the user, let this have access so x webpage or x control on that webpage. I also need, however, to use machine for security so the person can only access if they are a certain user and they are on a certain machine. Some of these machines are outside of the AD (same company just not in my domain.)
Because of the last statement I use I currently use a MySQL database for users and then use IP addresses of the incoming for controlling the access of pages and items on a page. I still make them have an account on AD for getting on the Intranet to begin with...I just hand off control of granular security to the mysql database after AD authorization and authentication to the main page of intranet.
I hope this makes sense. Thanks for any help.
edit: point is I want to put everything in AD and remove the extra database layer.