Skip to content
An LDAP driver for Kohana/Auth using pure PHP LDAP functions.
Find file
New pull request
Fetching latest commit...
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.

Kohana Pure LDAP

An LDAP auth module for Kohana with no external dependencies.

Version 1.1 Released on 2011-11-02 By Stephen Eisenhauer


Kohana-Pure-LDAP is a module for Kohana which extends the core Auth module to allow for authenticating against an LDAP server.

This module is so-called 'Pure' because, unlike other Kohana LDAP auth modules in existence, this one does not use external libraries like PEAR or ZEND, instead only utilizing functions from PHP's standard LDAP extension.


To install, simply clone this repository into your Kohana installation's modules directory.


This module provides an example configuration file located in config/pure-ldap.php. Simply copy this file into your Kohana installation's application/config directory and modify its variables using a text editor. The example configuration contains more information on the settings themselves.

In order to activate this module, you will need to do the following:

  1. Edit the application/bootstrap.php file in your Kohana install. Ensure that both 'auth' and 'kohana-pure-auth' are enabled in the Kohana::modules array.
  2. If you don't already have a file in your application/config directory called auth.php, copy the sample from modules/auth/config/auth.php to this location.
  3. Edit application/config/auth.php from the previous step and set the 'driver' key's value to PureLDAP.


Since this module extends the core Auth module, use it according to the Auth module's documentation and API.

In general, you'll want to create a login form whose backend contains something like this:

    $success = Auth::instance()->login($_POST['user'], $_POST['pass']);

    // If $success, redirect the user.
    // Else, display the login form again with an error message.

Additionally, Auth::instance()->get_user() will return a LDAP_User object representing the logged in user (or FALSE if no one is logged in). This object has three properties:

  • ->username, the username of the user
  • ->attributes, an associative array containing the attributes you specified in the config file
  • ->roles, an array of roles (groups) this user belongs to, given via an attribute specified in the config file


This code is released under the New BSD License. This means you can use and modify any of this code freely. See LICENSE for full legal details.

Something went wrong with that request. Please try again.