First off, let me say that while I know my way around PHP pretty well I haven't dealt with any of the following yet, so I'll probably say some dumb stuff...


I'm adapting a PHP CMS I've developed to deploy on a client's intranet. It will be running on an Apache server they configure for this project. They requested being able to use Active Directory and/or Samba and/or LDAP to allow users to be identified by this CMS using their already-logged-in Active Directory identity, and not have to authenticate again in the CMS.

In other words (as I am beginning to grasp it) they're already logged in to the intranet, and when they go to my CMS, it recognizes that logged-in status and says "ok, you're Bruce, you get to see this particular content".

As I've started to explore this, I find solutions that require a second login, but do query the Active Directory database rather than a second db of user credentials. What I'd like is a solution that just "knows" the person is logged in, what their clearance level is, and doesn't force them to log in again. I believe this is called "SSO".


Of course I'd love to find a canned solution to this that's implementable by someone without a lot of networking smarts (I DO know PHP and SQL, and have done a little CURL, but I know there's a lot more in the networking world).

Or, just some good resources to educate myself about how this would actually work.


Anyone have experience with this sort of thing?


Thanks

- Bob