Does anyone know how to connect to Active Directory using PHP maybe with LDAP???

Mar 15th, 2008 18:32
ha mo, Jason Ross, Jason Ellmers,


Here's some code that uses LDAP binds to AD for user authentication.
Tested on Debian Linux (sarge) using apache2.
Not sure how the formatting will turn out, and I've removed most of the
comments to make it smaller (including the GPL notice).
Full code is posted at my site:
http://www.freezion.com/gpl/ADAuth.phps
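<?php
// Authenticate a user against Active Directory: HTTP Basic auth, then LDAP search and bind.
if (!isset($_SERVER["PHP_AUTH_USER"])) {
   header('WWW-Authenticate: Basic realm="AD Authentication"');
   header('HTTP/1.0 401 Unauthorized');
   echo 'Sorry, you must login';
   exit;
} else {
   session_start();
   // Login is expected as DOMAIN\user. explode() replaces split(), which PHP 7 removed.
   $parts = explode("\\", $_SERVER["PHP_AUTH_USER"], 2);
   $password = isset($_SERVER["PHP_AUTH_PW"]) ? $_SERVER["PHP_AUTH_PW"] : "";
   if (count($parts) != 2 || $password === "") {
      // A bind with a DN and an empty password is an unauthenticated bind and can succeed.
      echo "<h3>Login must be DOMAIN\\user with a password</h3>";
      exit;
   }
   list($_SESSION["domain"], $_SESSION["user"]) = $parts;
   // Note: this keeps the clear-text password in the session store.
   $_SESSION["password"] = $password;
   if (strtoupper($_SESSION["domain"]) == "DOMAIN") {
      $LDAPServerAddress="IP.OF.ANY.DOMAINCONTROLLER";
      $LDAPServerPort="389";
      $LDAPServerTimeOut ="60";
      $LDAPContainer="dc=your,dc=root";
      $BIND_username = "CN=Some User,OU=Some OU,DC=your,DC=root";
      $BIND_password = "password";
      // Escape the user name so it cannot change the meaning of the search filter.
      $filter = "(sAMAccountName=".ldap_escape($_SESSION["user"], "", LDAP_ESCAPE_FILTER).")";
   } else {
      echo "<h3>Domain not searchable, or unknown</h3>";
      exit;
   }
   if ($ds=ldap_connect($LDAPServerAddress)) {
      ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
      ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
      // Port 389 carries simple binds in clear text; call ldap_start_tls($ds) here, or
      // connect with an ldaps:// URI, when the domain controller supports it.
      if ($r=ldap_bind($ds,$BIND_username,$BIND_password)) {
         // First bind uses the service account to look up the user's DN.
         if ($sr=ldap_search($ds, $LDAPContainer, $filter, array('distinguishedName'))) {
            $info = ldap_get_entries($ds, $sr);
            // ldap_get_entries() returns array("count" => 0) when nothing matched.
            if ($info && $info["count"] > 0) {
               $BIND_username = $info[0]['distinguishedname'][0];   // reset bind user to user DN
               $BIND_password = $password;
               // Second bind checks the user's own password.
               if ($r2=ldap_bind($ds,$BIND_username,$BIND_password)) {
                  if ($sr2=ldap_search($ds, $LDAPContainer, $filter, array("givenName","sn","mail","UID"))) {
                     $info2 = ldap_get_entries($ds, $sr2);
                     if ($info2 && $info2["count"] > 0) {
                        $_SESSION["name"] = $info2[0]["givenname"][0]." ".$info2[0]["sn"][0];
                        $_SESSION["email"] = $info2[0]["mail"][0];
                        $_SESSION["sapid"] = $info2[0]["uid"][0];
                        // Directory values are data, not markup: encode before output.
                        echo "Welcome " .htmlspecialchars($_SESSION["name"]);
                     } else {
                        echo "Could not read entries<br />"; }
                  } else {
                     echo "Could not search<br />"; }
               } else {
                  echo "User password incorrect<br />"; }
            } else {
               echo "User name not found<br />"; }
         } else {
            echo "Could not search<br />"; }
      } else {
         echo "Could not bind<br />"; }
   } else {
      echo "Could not connect<br />"; }
}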
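
The following is an added example, not part of the original post or its author's code: the checks on the Basic-auth credentials that should pass before either ldap_bind() call, run over constructed sample logins. The function name prepare_ad_login() and its parameters are hypothetical; it assumes PHP 7 or later with the ldap extension loaded.

```php
<?php
// Added example: validate DOMAIN\user credentials and build a safe search filter
// before any ldap_bind(). prepare_ad_login() is a hypothetical helper name.

function prepare_ad_login(string $authUser, string $authPw, array $allowedDomains): array
{
    // The login must be exactly DOMAIN\user, with both halves present.
    $parts = explode("\\", $authUser, 2);
    if (count($parts) !== 2 || $parts[0] === "" || $parts[1] === "") {
        return ["ok" => false, "reason" => "login must be DOMAIN\\user"];
    }
    list($domain, $user) = $parts;
    $domain = strtoupper($domain);
    if (!in_array($domain, $allowedDomains, true)) {
        return ["ok" => false, "reason" => "unknown domain"];
    }
    // A simple bind with a DN and an empty password is an unauthenticated bind
    // (RFC 4513, section 5.1.2). A server may accept it, so a true result from
    // ldap_bind() would not prove that the user knows the password.
    if ($authPw === "") {
        return ["ok" => false, "reason" => "empty password"];
    }
    // Escape filter metacharacters so the user name stays a literal value.
    $filter = "(sAMAccountName=" . ldap_escape($user, "", LDAP_ESCAPE_FILTER) . ")";
    return ["ok" => true, "domain" => $domain, "user" => $user, "filter" => $filter];
}

// Constructed sample inputs: [PHP_AUTH_USER, PHP_AUTH_PW]
$samples = [
    ["DOMAIN\\jsmith", "correct horse"],   // normal login
    ["DOMAIN\\jsmith", ""],                // empty password
    ["DOMAIN\\*)(mail=*", "x"],            // filter metacharacters in the user name
    ["jsmith", "x"],                       // no domain part
    ["OTHER\\jsmith", "x"],                // domain not in the allow list
];

foreach ($samples as list($authUser, $authPw)) {
    $result = prepare_ad_login($authUser, $authPw, ["DOMAIN"]);
    $shown = $result["ok"] ? $result["filter"] : "rejected: " . $result["reason"];
    printf("%-20s => %s\n", $authUser, $shown);
}
```

Only a result with "ok" set to true should reach the service-account bind and the user bind; a rejected login gets the same generic failure message as a wrong password.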