Authenticating in PHP using LDAP through Active Directory
Importing a whole library seems inefficient when all you need is essentially two lines of code...
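$ldap = ldap_connect("ldap.example.com");
// An empty password is treated by the server as an anonymous bind and reported as success, so reject it first.
if (($_POST['password'] ?? '') !== '' && ($bind = ldap_bind($ldap, $_POST['username'], $_POST['password']))) {
    // log them in!
} else {
    // error message
}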
PHP - Create login page with LDAP authentication
So after doing some research and some trial and error, I came up with this solution, which seems to be working perfectly for my needs.
My form:
<html>
<head>
<style>
body
{
    text-align: center;
}
form
{
    margin: 0 auto; width: 500px;
}
input
{
    padding: 10px; font-size: 20px;
}
</style>
</head>
<body>
<h1> authentication with AD </h1>
<form action="Auth.php" method="post">
    <input type="text" name="username" /><br>
    <input type="password" name="password" /><br>
    <input type="submit" value="Login" />
</form>
</body>
</html>
My Auth page:
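<?php
$ldaprdn  = $_POST["username"] ?? "";
$ldappass = $_POST["password"] ?? "";

$ldapconn = ldap_connect("ldap server name") or die("Could not connect to LDAP server.");

// A bind with an empty password is treated as anonymous and succeeds, so reject it up front.
$ldapbind = ($ldappass !== "") && ldap_bind($ldapconn, $ldaprdn, $ldappass);

if ($ldapbind)
{
    echo "LDAP bind successful...";

    // Escape the user-supplied value before placing it in the search filter.
    $filter = "(samaccountname=" . ldap_escape($ldaprdn, "", LDAP_ESCAPE_FILTER) . ")";
    // "Domain" is a placeholder for your own domain component.
    $Result = ldap_search($ldapconn, "OU=IT,DC=Domain,DC=corp", $filter, array("dn"));
    $data = ldap_get_entries($ldapconn, $Result);
    print_r($data);
}
else
{
    echo "LDAP bind failed...";
}
?>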
Additionally, per this answer, you may need to set the following options immediately after ldap_connect:
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
Hope this solution can help those who need the same.
PHP LDAP Connection to Authenticate against Active Directory from External Server
When connecting to AD using LDAPS from a Linux box, I've always had to add the line
TLS_REQCERT never
in /etc/ldap.conf or equivalent (might require an Apache restart - not sure). You can also try the format "ldaps://server.domain.tld:636" for the host, though I don't think that's the issue.
I found some decent documentation at http://en.gentoo-wiki.com/wiki/Active_Directory_Authentication_using_LDAP, though it appears to be down at the moment. Google's cached version: http://webcache.googleusercontent.com/search?q=cache:http://en.gentoo-wiki.com/wiki/Active_Directory_Authentication_using_LDAP
LDAP Authenticating user in PHP
I believe the only change you need to make is:
if ($bind = ldap_bind($ldap, "$up@dejan.local", $pw)){
Which will make the request local to the specific domain. With Active Directory (which is somewhat different, blame Kerberos), you have to provide a context for login.
LDAP Authentication via PHP - Access Groups
I assume the reason it will not match is that you are trying to match only on the AD group name; however, your query is bringing back the AD schema (CN, OU, DC, etc.).
One suggestion is to use a foreach loop and use explode to split out only the group name and put the results into a new array. Then use that array as your haystack in the if/else statements.
Getting user readable name via LDAP with PHP by having only the login credentials
You should be able to do the search like this:
$upn = $_REQUEST['username'].'@abc.xyz';
$attributes = ['displayname'];
$filter = "(&(objectClass=user)(objectCategory=person)(userPrincipalName=".ldap_escape($upn, "", LDAP_ESCAPE_FILTER)."))";
$baseDn = "DC=abc,DC=xyz";
$results = ldap_search($ldap, $baseDn, $filter, $attributes);
$info = ldap_get_entries($ldap, $results);
// This is what you're looking for...
var_dump($info[0]['displayname'][0]);
Also, make sure to do the bind with these options:
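$ldap = ldap_connect("ldap://abc.xyz:123");
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
// Reject an empty password: the server would accept it as an anonymous bind.
$password = $_REQUEST['password'] ?? '';
if ($password !== '' && ($bind = ldap_bind($ldap, $_REQUEST['username'].'@abc.xyz', $password))) {
    // Bound as the user; run the search above on this connection.
}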
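The bind-then-search flow from the answers above, combined into one function with the group-name extraction suggested in the access-groups answer; this is an added example, not code from any of the posts. The LDAPS URI, UPN suffix and base DN reuse the placeholder domain from the last answer, and the function name ad_authenticate and the username allow-list are assumptions.

```php
<?php
// Added example (not from the answers). Host, suffix and base DN are the
// placeholders used above; ad_authenticate() is a hypothetical name.
const AD_URI     = 'ldaps://abc.xyz:636';
const AD_SUFFIX  = '@abc.xyz';
const AD_BASE_DN = 'DC=abc,DC=xyz';

// Returns display name and group CNs on success, null on any failure.
function ad_authenticate(string $username, string $password): ?array
{
    // An empty password is an unauthenticated bind that the server reports as
    // success. The character allow-list (an assumed policy) keeps input such as
    // "@" from changing the bind identity.
    if ($password === '' || !preg_match('/^[A-Za-z0-9._-]{1,64}$/', $username)) {
        return null;
    }
    // Require a verified server certificate; set globally before connecting.
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
    $ldap = ldap_connect(AD_URI);
    if ($ldap === false) {
        return null;
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

    $upn = $username . AD_SUFFIX;
    if (!@ldap_bind($ldap, $upn, $password)) {
        return null; // same answer for unknown user and wrong password
    }
    $filter = '(&(objectClass=user)(objectCategory=person)(userPrincipalName='
            . ldap_escape($upn, '', LDAP_ESCAPE_FILTER) . '))';
    $result  = ldap_search($ldap, AD_BASE_DN, $filter, ['displayname', 'memberof']);
    $entries = $result ? ldap_get_entries($ldap, $result) : false;
    ldap_unbind($ldap);
    if (!$entries || $entries['count'] !== 1) {
        return null;
    }
    // memberOf values are full DNs; keep only the leading CN of each group.
    $groups = [];
    foreach ($entries[0]['memberof'] ?? [] as $key => $dn) {
        if ($key === 'count') {
            continue;
        }
        $parts = ldap_explode_dn($dn, 1); // 1 = values only, no "CN=" prefix
        if ($parts) { $groups[] = $parts[0]; }
    }
    return ['name' => $entries[0]['displayname'][0] ?? $username, 'groups' => $groups];
}
```

The returned groups array can be used directly as the haystack for in_array() checks when deciding access.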