Authenticating in PHP Using LDAP Through Active Directory

Importing a whole library seems inefficient when all you need is essentially two lines of code...

$ldap = ldap_connect("ldap.example.com");
if ($bind = ldap_bind($ldap, $_POST['username'], $_POST['password'])) {
    // log them in!
} else {
    // error message
}

PHP - Create login page with LDAP authentication

After doing some research and some trial and error, I came up with this solution, which seems to work perfectly for my needs.

My form:

<html>
<head>
<style>
body
{
    text-align:center;
}
form
{
    margin: 0 auto; width: 500px;
}
input
{
    padding: 10px; font-size:20px;
}
</style>
</head>
<body>
<h1> authentication with AD </h1>
<form action="Auth.php" method="post">
<input type="text" name="username" /><br>
<input type="password" name="password" /><br>
<input type="submit" value="Login" />
</form>
</body>
</html>

My Auth page:

<?php
$ldaprdn = $_POST["username"];
$ldappass = $_POST["password"];
$ldapconn = ldap_connect("ldap server name") or die("Could not connect to LDAP server.");

if ($ldapconn)
{
    $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
    if ($ldapbind)
    {
        echo "LDAP bind successful...";
        // Search only after a successful bind, and escape the user-supplied
        // value so it cannot alter the LDAP filter.
        $filter = "(samaccountname=" . ldap_escape($ldaprdn, "", LDAP_ESCAPE_FILTER) . ")";
        $Result = ldap_search($ldapconn, "OU=IT,DC=Domain,DC=corp", $filter, array("dn"));
        $data = ldap_get_entries($ldapconn, $Result);
        print_r($data);
    }
    else
    {
        echo "LDAP bind failed...";
    }
}
?>

Additionally, per this answer, you may need to set the following options immediately after ldap_connect:

ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);

Hope this solution can help those who need the same.

PHP LDAP Connection to Authenticate against Active Directory from External Server

When connecting to AD using LDAPS from a Linux box, I've always had to add the line

TLS_REQCERT never

in /etc/ldap.conf or equivalent (might require an apache restart - not sure). You can also try the format "ldaps://server.domain.tld:636" for the host, though I don't think that's the issue.

I found some decent documentation at http://en.gentoo-wiki.com/wiki/Active_Directory_Authentication_using_LDAP, though it appears to be down at the moment. Google's cached version: http://webcache.googleusercontent.com/search?q=cache:http://en.gentoo-wiki.com/wiki/Active_Directory_Authentication_using_LDAP

LDAP Authenticating user in PHP

I believe the only change you need to make is:

if ($bind = ldap_bind($ldap, "$up@dejan.local", $pw)){

Which will make the request local to the specific domain. With Active Directory (which is somewhat different, blame Kerberos), you have to provide a context for login.

LDAP Authentication via PHP - Access Groups

I assume the reason it will not match is because you are trying to match only on the AD group name, however your query is bringing back the AD schema (CN,OU,DC,etc).

One suggestion is to use a foreach loop and use explode to split out only the group name and add the results to a new array. Then use that array as your haystack in the if/else statements.

Getting user readable name via LDAP with PHP by having only the login credentials

You should be able to do the search like this:

$upn = $_REQUEST['username'].'@abc.xyz';
$attributes = ['displayname'];
$filter = "(&(objectClass=user)(objectCategory=person)(userPrincipalName=".ldap_escape($upn, '', LDAP_ESCAPE_FILTER)."))";
$baseDn = "DC=abc,DC=xyz";
$results = ldap_search($ldap, $baseDn, $filter, $attributes);
$info = ldap_get_entries($ldap, $results);

// This is what you're looking for...
var_dump($info[0]['displayname'][0]);

Also, make sure to do the bind with these options:

$ldap = ldap_connect("ldap://abc.xyz:123");
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
if ($bind = ldap_bind($ldap, $_REQUEST['username'].'@abc.xyz', $_REQUEST['password'])) {
    // Bound as the user: run the search shown above.
}
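
The bind-then-lookup flow from the answers above, as an added example that is not part of the original answers: it refuses empty passwords before binding, escapes the account name in the search filter, and accepts only a single match. The host, UPN suffix, base DN and the function names `ad_user_filter` and `ad_login` are assumptions for illustration.

```php
<?php
// Added example. AD_URI, AD_SUFFIX and AD_BASE_DN are placeholders
// (assumptions); replace them with your directory's values.
const AD_URI     = 'ldaps://dc.example.com:636';
const AD_SUFFIX  = '@example.com';
const AD_BASE_DN = 'DC=example,DC=com';

// Build the lookup filter; ldap_escape() neutralises *, (, ), \ and NUL.
function ad_user_filter(string $account): string
{
    return '(&(objectCategory=person)(sAMAccountName='
         . ldap_escape($account, '', LDAP_ESCAPE_FILTER) . '))';
}

// Returns the display name on success, or null on any failure.
function ad_login(string $account, string $password): ?string
{
    // A simple bind with an empty password is an unauthenticated bind
    // (RFC 4513) that a server may answer with success, so never send one.
    if ($password === '' || !preg_match('/^[A-Za-z0-9._-]{1,64}$/', $account)) {
        return null;
    }
    // ldaps:// keeps the password from crossing the network in clear text.
    // Certificate checking is governed by ldap.conf (TLS_REQCERT, TLS_CACERT).
    $conn = ldap_connect(AD_URI);
    if ($conn === false) {
        return null;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    $name = null;
    // @ hides the warning ldap_bind() raises on rejected credentials.
    if (@ldap_bind($conn, $account . AD_SUFFIX, $password)) {
        $res = ldap_search($conn, AD_BASE_DN, ad_user_filter($account), ['displayname']);
        $entries = $res ? ldap_get_entries($conn, $res) : false;
        // Exactly one match, otherwise treat the login as failed.
        if ($entries && $entries['count'] === 1) {
            $name = $entries[0]['displayname'][0] ?? $account;
        }
    }
    ldap_unbind($conn);
    return $name;
}

// Constructed input: the filter metacharacters come out hex-escaped.
var_dump(ad_user_filter('a*(b)'));
```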

