Apache web server LDAP - How to allow a non-ldap user access?

Koshur :

Apologies in advance for sounding naive, but I am new to this and have been stuck for days to no avail.

I have set up LDAP on the Apache web server using the link below and it is working well.

https://httpd.apache.org/docs/2.4/mod/mod_ldap.html

I am able to log in to the application using a valid account in the directory. Now I want to create a non-LDAP user (a common user for API access) that can be allowed access through the web server. Is it possible? How?

Noah Boegli :

I would strongly advise creating API accounts in your Active Directory (in the company I work for, we use that and call them service accounts).

Centralizing access is the best practice; if you start mixing authentication methods in your application/website, it can quickly become a nightmare of spaghetti code to maintain.

Centralizing access also improves security by allowing you to manage access in a single place.

If you do not want to go this way, you have the possibility to create a secondary authentication method through local users that would be stored in a database. If you go this way, please do not store passwords in a non-encrypted way. Look for the following functions: password_hash and password_verify. When using SQL to transact with your database, make sure you do not end up with SQL injection; it can be disastrous to have SQL injection in your login script.
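
The database-backed fallback described in the answer above, as an added example that is not part of the original thread or the answerer's own code. The api_users table, the function names, the account name and the in-memory SQLite store (which needs the pdo_sqlite extension) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed demo store: in-memory SQLite. Table and column names are assumptions.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE api_users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');

function createApiUser(PDO $pdo, string $username, string $password): void
{
    // password_hash() generates a salt and returns a self-describing hash;
    // only that hash is stored, never the password itself.
    $stmt = $pdo->prepare('INSERT INTO api_users (username, pw_hash) VALUES (:u, :h)');
    $stmt->execute([':u' => $username, ':h' => password_hash($password, PASSWORD_DEFAULT)]);
}

function verifyApiUser(PDO $pdo, string $username, string $password): bool
{
    // Hash that is checked when the user does not exist, so that the
    // known-user and unknown-user paths both perform one verification.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);

    // Bound parameter: the username is passed as data and is never
    // concatenated into the SQL text, which is what prevents injection.
    $stmt = $pdo->prepare('SELECT pw_hash FROM api_users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();          // false when no row matches

    $ok = password_verify($password, $hash === false ? $dummy : $hash);
    if ($hash === false || !$ok) {
        return false;
    }

    // Upgrade the stored hash if PHP's default algorithm or cost has changed.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE api_users SET pw_hash = :h WHERE username = :u');
        $upd->execute([':h' => password_hash($password, PASSWORD_DEFAULT), ':u' => $username]);
    }
    return true;
}

// Constructed sample account and inputs.
createApiUser($pdo, 'svc-api', 'constructed-demo-password');
var_dump(verifyApiUser($pdo, 'svc-api', 'constructed-demo-password')); // correct password
var_dump(verifyApiUser($pdo, 'svc-api', 'wrong-password'));            // wrong password
var_dump(verifyApiUser($pdo, "svc-api' OR '1'='1", 'anything'));       // quotes stay data
```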
