View Full Version : PHP, LDAP, and authenticating via logon

09-13-2009, 09:51 PM
my Ubuntu 8.04 box is running Apache2, running PHP5 successfully, and i can connect to our win2k AD[active-directory] server without error, yet i only get as far as listing users, computer names, email group names in our office [we have 3 offices[each, the city name-see below in my code, i am connecting to only 1 of them: $dn = "OU=cityName_here"]. i will post my "working" code below, but my question is: please help me use some php and ldap commands allowing someone to enter their network ID and PW on a logon screen [i can create that and xfr the info to next page just fine] then compare the ID/PW combination against AD to allow/disallow access. please don't just give me theory; i've spent many hours already and getting nowhere any more - is there really proven simple/straightforward code to take an id/pw, connect to ldap server, then loop through user id's and pw's, or compare id/pw against an LDAP query to determine if that user/pw combo exists in AD?? thx much in advance for your help, and code examples! my code so far:

error_reporting(E_ALL); // place these two lines at the top of
ini_set('display_errors', 1); // the script you are debugging

$ldap_server = "ldap://serverIP_here";
//$ldapPort = "port#_here";
$ldapPort = "port#_here";

$ldapUser = "serverID_here";
$ldapPswd = "serverPW_here";
$ldapLink = ldap_connect($ldap_server) or die("NO establish LDAP connection");
ldap_bind($ldapLink, $ldapUser, $ldapPswd) or die("NO bind to the server");

$dn = "OU=cityName_here,DC=domainName_here,DC=com";

$results = ldap_search($ldapLink, $dn, "(CN=*)");

//Create result set
$entries = ldap_get_entries($ldapLink, $results);

//Sort and print
echo "User count: " . $entries["count"] . "<br /><br /><b>Users:</b><br />";

for ($i=0; $i < $entries["count"]; $i++)
echo $entries[$i]["displayname"][0]."<br />";

//never forget to unbind!

$info = ldap_get_entries($ldapLink, $results);
echo "<br>".$info;


...which produces output as such[names chgd to protect the innocent]:

User count: 455

Annie Oakley
Jackie Ripper
Sam LaRiddle
Brad Belushi
Linda Starling Axlerod

Notice: Undefined index: displayname in /var/www/ldapTest1.php on line 33

Infotext Infortext
John W. Gasey

Notice: Undefined index: displayname in /var/www/ldapTest1.php on line 33

Notice: Undefined index: displayname in /var/www/ldapTest1.php on line 33

Notice: Undefined index: displayname in /var/www/ldapTest1.php on line 33

Notice: Undefined index: displayname in /var/www/ldapTest1.php on line 33

Al Pacino
[etc, etc, etc including in all, users, computer names, email group names]

thx again for your help!!!!!

09-13-2009, 10:12 PM
again, real user's name changed to protect the innocent.

note: if i change the line:
>>$results = ldap_search($ldapLink, $dn, "(CN=*)");<< to >>$results = ldap_search($ldapLink, $dn, "(CN=Arthur C. Clark)");<<

User count: 1

Arthur Clark

Warning: ldap_get_entries(): 2 is not a valid ldap link resource in /var/www/ldapTest1.php on line 39

at this point, i just want to compare id [which seems possible in light of the above output, but i desperately need to be able to get someone's userid and pw and authenticate them. THANK YOU!