Hi all,

I'm building a multi-tenant web application in PHP which is hosted on a dedicated Ubuntu 14.04 server (LAMP). I'm trying to figure out the simplest method of allowing my customers (SMEs) to connect the application to their Active Directory server to authenticate users. The only issue is, I don't want all of my customers to have to whitelist my IPs on their firewall (change management will kill my sales) and I don't want them to expose their Active Directory servers to the internet.

The best I've come up with so far is setting up my own IIS server and asking all of my clients to connect to it using federation, but this is very long and very messy.

I'm happy to use a third party such as OneLogin for the task, but that requires my customers to trust a third party and install a third-party app on at least one of their servers. At least if I've created the connector (whatever it is) I can show this to the customers and over-document the process to provide ease of mind.

I can't help but feel like I'm missing something obvious. I don't even need to store user details as I could use ldap_bind(), but this function obviously requires every customer to have their AD server public facing with either a public IP or a DNS A record.

It can't be this hard; can it?


Hello friends,
Do you have a version that is more secure instead of sending a plain password? Also, what does the Windows 2012 server need to install and set up other than enabling AD LDS and creating one instance? Thanks!
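The ldap_bind() approach from the original post, and the question above about not sending the password in the clear, can be illustrated with an added example that is not from either poster: a PHP function that binds to Active Directory over LDAPS with server-certificate verification, refuses the empty-password "unauthenticated bind" that AD otherwise accepts, and restricts the username to safe characters before it is used in the bind identity. The hostname, CA bundle path, UPN suffix and sample credentials are assumptions/placeholders.

```php
<?php
// Added example, not code from the thread. Assumed: the customer's AD listens
// on LDAPS (636) and its CA certificate is available at $caFile.

function ad_authenticate(string $host, string $caFile, string $upnSuffix,
                         string $username, string $password): bool
{
    // AD treats an empty password as an anonymous bind that "succeeds", so
    // reject it explicitly before touching the directory.
    if ($password === '') {
        return false;
    }
    // Only allow characters that cannot alter the bind identity.
    if (!preg_match('/^[A-Za-z0-9._-]{1,64}$/', $username)) {
        return false;
    }

    // ldaps:// encrypts the whole session, including the bind credentials.
    $ldap = ldap_connect("ldaps://{$host}:636");
    if ($ldap === false) {
        return false;
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
    // Require the server certificate to chain to the customer's CA;
    // a mismatch aborts the connection instead of silently continuing.
    ldap_set_option($ldap, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
    ldap_set_option($ldap, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    // AD accepts a userPrincipalName as the bind identity, so no DN lookup
    // (and no anonymous search) is needed.
    $upn = $username . '@' . $upnSuffix;
    $ok = @ldap_bind($ldap, $upn, $password);
    ldap_unbind($ldap);
    return $ok;
}

// Constructed sample call with placeholder values (not a real customer).
var_dump(ad_authenticate('ad.example.test', '/etc/ssl/certs/customer-ad-ca.pem',
                         'example.test', 'alice', 'correct horse battery staple'));
```

This still needs a network path from the application to the customer's AD (for example over a customer-managed VPN), which is the part of the original question that TLS alone does not solve.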
