Much like many other sites my University has an iTunesU presence that hosts some media and interesting tidbits from events and classes here at Brock.  The only hitch (as the name implies) is that this nifty media collection is served up via iTunes.  Further to the application lock-in there is no easy way to authenticate to the service directly via iTunes, so in most cases any school that wishes to get their users into the service need to write up an authentication system and host it on local web-space. Once some local authentication is done you construct a POST to iTunes and if all goes well iTunes will shell open on the system you're on and you'll be recognized as a member of your institution.  This post is a look at one way to create this login.

Two Existing PHP helpers

There was some great building blocks that we were able to reuse to put this together:

• PHP Authentication Script - Written by Aaron Axelsen at University of Wisconsin Whitewater Grab the example and fill in the fields of the constructor functions that match the information iTunes has given you.
• adLDAP Download - LDAP Authentication with PHP for Active Directory, via Sourceforge Download the main adLDAP.php file and fill in the basics about your LDAP setup: Base DNs, Account Suffixes, Domain Controllers etc.

My institution uses Active Directory for user management and since the rest of of our web presence is built on PHP that became the obvious solution.  

Pseudo-code

Including two php files into a login.php file is as complicated as it got.  Here's a barebones implementation: 

 <?php

require_once('adLDAP.php');
require_once('intunesu.php');

$usercheck = new adLDAP();

if (isset($_POST['username']) && isset($_POST['password'] ){

	if ($usercheck -> authenticate($username,$password)){

	//Grab Info about user and manipulate as required by your LDAP configuration
	$userdetails = $usercheck->user_info($username);
	$iname = $userdetails[0]["name"][0];
	$iemail = $userdetails[0]["email"][0];
	$iusername = $userdetails[0]["username"][0];

	//Customize as needed
	$itunes = new itunes();
	$itunes->setupExample();

	//At this point you can add/remove priviledges based on memberships in LDAP
	if ( $userdetails[0]["Department"][0] == "Library Systems") {
		$itunesu->setUser($iname,$iemail,$iusername, 'Administrator');
		$itunes->addAdminCredentials();
	}
	else{
		//If you get complex you can add all sorts of groups for each level of authentication
		//to invoke something like $itunes->addInstructorCredential()
		$itunes->setUser('',$iemail,$iusername,$iusername);
	}

	//This should shell to itunes
	$itunes->invokeAction();
	}

}
?>

<form "<?PHP print $_SERVER['PHP_SELF']?>" method="post">
<input type="text" name="username">
<input type="password" name="password">
<input type="submit" value="Login to iTunesU">
</form>

 Three cheers for reusing authentication services.  Props to CTLET @ Brock for collaborating on this project.