I am somewhat familiar with how to set up seamless authentication in PHP/ASP.net applications with IIS in a corporate network, but I have a question that so far I have struggled to find an answer to.
With anonymous auth disabled, and windows auth enabled, i.e. seamless authentication is set up, will a PHP/ASP.net script with functionality for adding/modifying users in Active Directory (into the same "container") simply just work for someone with the correct admin privileges, i.e. in php use of just `ldap_bind($conn);`, or must I force the user to supply login credentials to use in the `ldap_bind()` function?
Please understand that I have limited knowledge and understanding of AD.
Generally, an LDAP request is transmitted on a connection where that connection has a particular authorization state and the LDAP client examines the response from the server for indications of success or failure. The authorization state of the connection is changed by a successful `bind` request.
Successful requests are therefore dependent on the authorization state of the connection. Properly secured LDAP servers should require applications to `bind` (to change the authorization state of the connection) in order for certain requests (such as `add` and `modify`, `search` and `compare`) to be successful.
In other words, is it or is it not possible with seamless authentication, to have a web page that allows editing of Active Directory user records, without the user having to supply a password into it - Haefyra 2012-04-11 19:04
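The dependence of a modify on the connection's bind state, described in the answer above, can be observed with a script like the following. It is an added example, not part of the original posts; the server URI, the DNs, the attribute value, the `LDAP_BIND_PW` environment variable and the helper name `modify_after_bind` are all placeholders or assumptions.

```php
<?php
// Added example. The URI and all DNs/values passed in are placeholders (assumptions).
const LDAP_URI = 'ldaps://dc.example.test';

/**
 * Bind, attempt one modify, and report what the server said.
 * $bindDn = null and $password = null performs an anonymous bind,
 * which is what ldap_bind($conn) with no further arguments does.
 */
function modify_after_bind(?string $bindDn, ?string $password,
                           string $targetDn, array $changes): array
{
    // A DN with an empty password is an "unauthenticated" bind that some
    // servers accept without verifying anything, so refuse it up front.
    if ($bindDn !== null && ($password === null || $password === '')) {
        return ['stage' => 'input', 'ok' => false, 'detail' => 'empty password refused'];
    }

    $conn = ldap_connect(LDAP_URI);
    if ($conn === false) {
        return ['stage' => 'connect', 'ok' => false, 'detail' => 'bad LDAP URI'];
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // The bind sets the authorization state for every later request.
    if (!@ldap_bind($conn, $bindDn, $password)) {
        $detail = ldap_errno($conn) . ' ' . ldap_error($conn);
        ldap_unbind($conn);
        return ['stage' => 'bind', 'ok' => false, 'detail' => $detail];
    }

    // The modify is evaluated against that state; check its own result code.
    $ok = @ldap_mod_replace($conn, $targetDn, $changes);
    $detail = ldap_errno($conn) . ' ' . ldap_error($conn);
    ldap_unbind($conn);
    return ['stage' => 'modify', 'ok' => $ok, 'detail' => $detail];
}

$target  = 'CN=Test User,OU=Staff,DC=example,DC=test';   // placeholder DN
$changes = ['description' => ['updated by web form']];

// Anonymous connection state first, then an authenticated one.
print_r(modify_after_bind(null, null, $target, $changes));
print_r(modify_after_bind('CN=Admin,OU=Staff,DC=example,DC=test',
                          getenv('LDAP_BIND_PW') ?: null, $target, $changes));
```

Comparing the `stage` and `detail` fields of the two results shows whether the directory accepted the modify under each authorization state.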