How to authenticate to Active Directory using iOS

Published 2020-04-16 01:28

Question:

I am trying to create an iOS app that takes a user's credentials and verifies them with the AD server. Is there some built-in library in Xcode to do that, or is it third party?

Any advice on direction to look would be greatly appreciated.

Thanks, Zach

Answer 1:

OK, so this was the PHP I used to make the connection to the LDAP server. I am not 100% sure what is happening here; I got this code from the IT Coordinator at my company. I understand all the binding and searching parts, but I don't get the ldap_set_option part of this whole thing. Anyway, after setting it up this way, you can then call the URL of the PHP script and pass it parameters. Take a look at the PHP, and the URL example will be below.

<?php
//Connection parameters
$dn = "DC=network,DC=net";
$host = "ldap://ldap.network.com";
$port = 1111;

$user = $_GET['user'];
$pass = $_GET['pass'];

//$user = "user@network.net";
//$pass = "pass";

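//Each $filter/$keyword pair below overwrites the previous one; only the last is in effect,
//and this script only checks that $keyword is not empty (no search is run)
$filter = "memberof";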
$keyword = "CN=USSC_ALL,CN=Users,DC=network,DC=net";

$filter = "objectclass";
$keyword = "user";

$filter = "objectcategory";
$keyword = "CN=Person,CN=Schema,CN=Configuration,DC=network,DC=net";

//The real thing with PHP
if (!empty($keyword) and !empty($dn)) {
//Connect to the AD
$adConn = ldap_connect($host, $port) or die("Could not connect!");

//Set protocol version
ldap_set_option($adConn, LDAP_OPT_PROTOCOL_VERSION, 3) or die ("Could not set ldap protocol1");

//Set referrals... Won't work without this...
ldap_set_option($adConn, LDAP_OPT_REFERRALS, 0) or die ("Could not set ldap protocol2");

//Bind the user
$bd = ldap_bind($adConn, $user, $pass) or die ("Could not bind");

echo $bd;

 //End binding
ldap_unbind($adConn);



} else {
   echo "<p>No results found!</p>";
}

?>


</body>
</html>  

OK, so now all you have to do is pass a username and password to the script and it will return the bind. That will give you either true or false, meaning if it bound successfully it is a correct combination of username and password.

This is how I am calling it:

http://192.268.192.1/ldap.php?user=(username here)&pass=(password here)

This is the approach that I took, and I think it is a very simple answer.
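
A hardened variant of the credential check in Answer 1, as an added example that is not part of the original answer: it takes credentials by POST over HTTPS instead of the query string, connects with LDAPS, and refuses empty passwords, because a simple bind with a username and an empty password is an unauthenticated bind that the directory may accept. The `ldaps://` URI with port 636, both function names, the 256-byte limit and the JSON response are assumptions.

```php
<?php
// Added example, not the original answer's code. LDAP_URI, the function names,
// the 256-byte limit and the JSON reply are assumptions for illustration.
declare(strict_types=1);
const LDAP_URI = 'ldaps://ldap.network.com:636'; // assumed LDAPS endpoint

// Decide whether the input may be handed to ldap_bind() at all.
function credentials_are_bindable(string $user, string $pass): bool
{
    // Empty password + non-empty name is an "unauthenticated bind" (RFC 4513);
    // a server that accepts it would make ldap_bind() return true.
    if ($user === '' || $pass === '') {
        return false;
    }
    // Reject NUL bytes rather than depend on how lower layers handle them.
    if (strpos($user . $pass, "\0") !== false) {
        return false;
    }
    return strlen($user) <= 256 && strlen($pass) <= 256;
}

function ad_authenticate(string $user, string $pass): bool
{
    if (!credentials_are_bindable($user, $pass)) {
        return false;
    }
    $conn = ldap_connect(LDAP_URI);
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 5);
    $ok = @ldap_bind($conn, $user, $pass); // @ hides the warning a failed bind raises
    ldap_unbind($conn);
    return $ok;
}

// Web entry point: POST over HTTPS only, so credentials stay out of URLs and logs.
if (PHP_SAPI !== 'cli') {
    $https = ($_SERVER['HTTPS'] ?? 'off') !== 'off' && $_SERVER['HTTPS'] !== '';
    if (!$https || ($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
        http_response_code(400);
        exit;
    }
    $ok = ad_authenticate((string)($_POST['user'] ?? ''), (string)($_POST['pass'] ?? ''));
    header('Content-Type: application/json');
    http_response_code($ok ? 200 : 401);
    echo json_encode(['authenticated' => $ok]);
}
```

The `ldaps://` connection only protects the bind if the web server's LDAP client is configured to validate the domain controller's certificate.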



Answer 2:

So what I have been able to find out is that I need to use PHP to do this. By creating a PHP file on the server, I can use the built-in LDAP protocol to take a username and password to the LDAP server for verification. The query should then return true or false. As soon as I get this working I'll post my code.