php5-ldap - Search a user in Active Directory
This PHP snippet helps me to produce an LDAP search against an Active Directory using php5-ldap:
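<?php
#==============================================================================
# Configuration
#==============================================================================
# LDAP
# Space-separated list of servers handed to ldap_connect(). ldaps:// checks the
# server certificate against the CA configured for the LDAP client library:
# install the domain CA there rather than turning verification off.
$ldap_url = "ldaps://<ldap server 1 ip> ldaps://<ldap server 2 ip>";
#$ldap_binddn = "cn=manager,dc=example,dc=com";
$ldap_binddn = "CN=Admin,OU=ArtificialUsers,DC=MyDomain,DC=COM";
# Placeholder only: read the real bind password from a file outside the web
# root (or an environment variable) instead of keeping it in this script.
$ldap_bindpw = "P@ssw0rd";
$ldap_base = "DC=MyDomain,DC=COM";
# {login} is replaced with the escaped username; the last clause excludes
# disabled accounts (userAccountControl bit 2 = ACCOUNTDISABLE).
$ldap_filter = "(&(objectClass=user)(sAMAccountName={login})(!(userAccountControl:1.2.840.113556.1.4.803:=2)))";
# Only the attributes displayed below are requested from the directory
$ldap_attributes = array('givenName', 'sn');

#==============================================================================
# Helpers
#==============================================================================
# Escape a value for use inside an LDAP search filter (RFC 4515) so that
# metacharacters in user input cannot change the query. Uses ldap_escape()
# on PHP >= 5.6 and an equivalent manual map on older releases.
function ldap_filter_escape($value)
{
    if (function_exists('ldap_escape')) {
        return ldap_escape($value, '', LDAP_ESCAPE_FILTER);
    }
    return strtr((string) $value, array(
        "\\"   => '\5c',
        '*'    => '\2a',
        '('    => '\28',
        ')'    => '\29',
        "\x00" => '\00',
    ));
}

# Escape a value for output inside HTML text or a quoted attribute.
function html_escape($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

#==============================================================================
# POST parameters
#==============================================================================
# Initiate vars
$result = "";
$login = "";
$ldap = null;
$userdn = "";
$firstname = "";
$lastname = "";
if (isset($_REQUEST["login"])) {
    # A non-string value (login[]=...) is treated as an empty login
    $raw_login = is_string($_REQUEST["login"]) ? $_REQUEST["login"] : "";
    # Strip slashes added by PHP (magic_quotes_gpc; the function no longer
    # exists on PHP 8, hence the function_exists guard)
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $raw_login = stripslashes($raw_login);
    }
    if ($raw_login !== "") {
        $login = $raw_login;
    } else {
        $result = "loginrequired";
    }
}
#==============================================================================
# Check username
#==============================================================================
# No lookup on the initial GET (no login submitted at all)
if ( $result === "" && $login !== "" ) {
    # Connect to LDAP
    $ldap = ldap_connect($ldap_url);
    if ( $ldap === false ) {
        $result = "ldaperror";
        error_log("LDAP - Invalid LDAP URL");
    } else {
        ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
        # Bind
        if ( isset($ldap_binddn) && isset($ldap_bindpw) ) {
            $bind = ldap_bind($ldap, $ldap_binddn, $ldap_bindpw);
        } else {
            $bind = ldap_bind($ldap);
        }
        $errno = ldap_errno($ldap);
        if ( $errno ) {
            $result = "ldaperror";
            error_log("LDAP - Bind error $errno (".ldap_error($ldap).")");
        } else {
            # Search for user (the username is escaped before it enters the filter)
            $search_filter = str_replace("{login}", ldap_filter_escape($login), $ldap_filter);
            $search = ldap_search($ldap, $ldap_base, $search_filter, $ldap_attributes);
            $errno = ldap_errno($ldap);
            if ( $search === false || $errno ) {
                $result = "ldaperror";
                error_log("LDAP - Search error $errno (".ldap_error($ldap).")");
            } else {
                # Get user DN; ldap_first_entry() returns false when nothing matched
                $entry = ldap_first_entry($ldap, $search);
                $userdn = ($entry !== false) ? ldap_get_dn($ldap, $entry) : false;
                if( !$userdn ) {
                    $userdn = "";
                    $result = "badcredentials";
                    # Control characters are masked so the input cannot forge log lines
                    $log_login = preg_replace('/[\x00-\x1f\x7f]/', '?', $login);
                    error_log("LDAP - User $log_login not found");
                } else {
                    # Each is an array with the values at 0..n-1, or false if the
                    # attribute is absent on the entry
                    $firstname = ldap_get_values($ldap, $entry, 'givenName');
                    $lastname = ldap_get_values($ldap, $entry, 'sn');
                }
            }
        }
        # The connection is already bound with the manager account, so no
        # rebind is needed; release it.
        ldap_unbind($ldap);
        $ldap = null;
    }
}
#==============================================================================
# HTML
#==============================================================================
?>
<div class="error">
<?php if ( $result === "loginrequired" ) {?>
You have to enter an username to reset
<?php } elseif ( $result === "badcredentials" ) {?>
No matching user was found
<?php } elseif ( $result === "ldaperror" ) {?>
The directory lookup failed, see the server log
<?php }?>
</div>
<div style="color:green;">
<?php if ( $result === "" && $userdn !== "" ) { ?>
<?php echo html_escape(isset($firstname[0]) ? $firstname[0] : "") . " " . html_escape(isset($lastname[0]) ? $lastname[0] : ""); ?> is <b><?php echo html_escape($login); ?></b>
<?php }?>
</div>
<div>
<form action="#" method="post" class="column">
<table>
<tr>
<th>Username </th>
<td><input type="text" name="login" value="<?php echo html_escape($login) ?>" /></td>
</tr>
<tr>
<td colspan="2">
<input type="submit" value="Submit" />
</td>
</tr>
</table>
</form>
</div>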
Remember to resolve the certificate authority issue before making any LDAP query; read this article: http://iambusychangingtheworld.blogspot.com/2013/09/php-using-php5-ldap-to-interact-with.html
References:
LTB Self Service Password: http://ltb-project.org/wiki/documentation/self-service-password
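<?php
#==============================================================================
# Configuration
#==============================================================================
# LDAP
# Space-separated list of servers handed to ldap_connect(). ldaps:// checks the
# server certificate against the CA configured for the LDAP client library:
# install the domain CA there rather than turning verification off.
$ldap_url = "ldaps://<ldap server 1 ip> ldaps://<ldap server 2 ip>";
#$ldap_binddn = "cn=manager,dc=example,dc=com";
$ldap_binddn = "CN=Admin,OU=ArtificialUsers,DC=MyDomain,DC=COM";
# Placeholder only: read the real bind password from a file outside the web
# root (or an environment variable) instead of keeping it in this script.
$ldap_bindpw = "P@ssw0rd";
$ldap_base = "DC=MyDomain,DC=COM";
# {login} is replaced with the escaped username; the last clause excludes
# disabled accounts (userAccountControl bit 2 = ACCOUNTDISABLE).
$ldap_filter = "(&(objectClass=user)(sAMAccountName={login})(!(userAccountControl:1.2.840.113556.1.4.803:=2)))";
# Only the attributes displayed below are requested from the directory
$ldap_attributes = array('givenName', 'sn');

#==============================================================================
# Helpers
#==============================================================================
# Escape a value for use inside an LDAP search filter (RFC 4515) so that
# metacharacters in user input cannot change the query. Uses ldap_escape()
# on PHP >= 5.6 and an equivalent manual map on older releases.
function ldap_filter_escape($value)
{
    if (function_exists('ldap_escape')) {
        return ldap_escape($value, '', LDAP_ESCAPE_FILTER);
    }
    return strtr((string) $value, array(
        "\\"   => '\5c',
        '*'    => '\2a',
        '('    => '\28',
        ')'    => '\29',
        "\x00" => '\00',
    ));
}

# Escape a value for output inside HTML text or a quoted attribute.
function html_escape($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

#==============================================================================
# POST parameters
#==============================================================================
# Initiate vars
$result = "";
$login = "";
$ldap = null;
$userdn = "";
$firstname = "";
$lastname = "";
if (isset($_REQUEST["login"])) {
    # A non-string value (login[]=...) is treated as an empty login
    $raw_login = is_string($_REQUEST["login"]) ? $_REQUEST["login"] : "";
    # Strip slashes added by PHP (magic_quotes_gpc; the function no longer
    # exists on PHP 8, hence the function_exists guard)
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $raw_login = stripslashes($raw_login);
    }
    if ($raw_login !== "") {
        $login = $raw_login;
    } else {
        $result = "loginrequired";
    }
}
#==============================================================================
# Check username
#==============================================================================
# No lookup on the initial GET (no login submitted at all)
if ( $result === "" && $login !== "" ) {
    # Connect to LDAP
    $ldap = ldap_connect($ldap_url);
    if ( $ldap === false ) {
        $result = "ldaperror";
        error_log("LDAP - Invalid LDAP URL");
    } else {
        ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
        # Bind
        if ( isset($ldap_binddn) && isset($ldap_bindpw) ) {
            $bind = ldap_bind($ldap, $ldap_binddn, $ldap_bindpw);
        } else {
            $bind = ldap_bind($ldap);
        }
        $errno = ldap_errno($ldap);
        if ( $errno ) {
            $result = "ldaperror";
            error_log("LDAP - Bind error $errno (".ldap_error($ldap).")");
        } else {
            # Search for user (the username is escaped before it enters the filter)
            $search_filter = str_replace("{login}", ldap_filter_escape($login), $ldap_filter);
            $search = ldap_search($ldap, $ldap_base, $search_filter, $ldap_attributes);
            $errno = ldap_errno($ldap);
            if ( $search === false || $errno ) {
                $result = "ldaperror";
                error_log("LDAP - Search error $errno (".ldap_error($ldap).")");
            } else {
                # Get user DN; ldap_first_entry() returns false when nothing matched
                $entry = ldap_first_entry($ldap, $search);
                $userdn = ($entry !== false) ? ldap_get_dn($ldap, $entry) : false;
                if( !$userdn ) {
                    $userdn = "";
                    $result = "badcredentials";
                    # Control characters are masked so the input cannot forge log lines
                    $log_login = preg_replace('/[\x00-\x1f\x7f]/', '?', $login);
                    error_log("LDAP - User $log_login not found");
                } else {
                    # Each is an array with the values at 0..n-1, or false if the
                    # attribute is absent on the entry
                    $firstname = ldap_get_values($ldap, $entry, 'givenName');
                    $lastname = ldap_get_values($ldap, $entry, 'sn');
                }
            }
        }
        # The connection is already bound with the manager account, so no
        # rebind is needed; release it.
        ldap_unbind($ldap);
        $ldap = null;
    }
}
#==============================================================================
# HTML
#==============================================================================
?>
<div class="error">
<?php if ( $result === "loginrequired" ) {?>
You have to enter an username to reset
<?php } elseif ( $result === "badcredentials" ) {?>
No matching user was found
<?php } elseif ( $result === "ldaperror" ) {?>
The directory lookup failed, see the server log
<?php }?>
</div>
<div style="color:green;">
<?php if ( $result === "" && $userdn !== "" ) { ?>
<?php echo html_escape(isset($firstname[0]) ? $firstname[0] : "") . " " . html_escape(isset($lastname[0]) ? $lastname[0] : ""); ?> is <b><?php echo html_escape($login); ?></b>
<?php }?>
</div>
<div>
<form action="#" method="post" class="column">
<table>
<tr>
<th>Username </th>
<td><input type="text" name="login" value="<?php echo html_escape($login) ?>" /></td>
</tr>
<tr>
<td colspan="2">
<input type="submit" value="Submit" />
</td>
</tr>
</table>
</form>
</div>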
Remember to resolve the certificate authority issue before making any LDAP query; read this article: http://iambusychangingtheworld.blogspot.com/2013/09/php-using-php5-ldap-to-interact-with.html
References:
LTB Self Service Password: http://ltb-project.org/wiki/documentation/self-service-password