PHP LDAP Access Windows AD (Active Directory)

Source: Internet
Author: User
Tags ldap samaccountname



If you use Active Directory (Active Directory) instead of creating an account in a database table, you can use an account from the original Windows network.

LDAP, a Lightweight Directory Access Protocol (PROTOCOL), is a protocol used to access directory servers (DS, directory server) such as Microsoft's Active Directory (Lightweight directory). PHP supports LDAP by default.

The following is a PHP program that uses LDAP for user authentication. In Microsoft's Active Directory, the user's unique identity is "sAMAccountName", and some DS are "UID". The method is:

1. Connect the LDAP Server with the DN of a privileged account (such as cn=user_name,ou=web,dc=ideawu,dc=com).
2. Query its DN according to the name of the logged-on user.
3. Connect LDAP Server with this DN. If the connection is logged on successfully.

Attention! Microsoft's Active Directory server can use empty account connection success (set up the problem?)!

$userid = $_post[' userid '];
$user _password = $_post[' password '];

if ($userid && $user _password) {
Config
$ldap _server = "ideawu.com";
$ldap _admin = "user_name";
$ldap _password = "xxx";
$base _CN = "ou=web,dc=ideawu,dc=com";
$conn = Ldap_connect ($ldap _server);
if (! $conn) {
Die ("<br>connection LDAP Server Error");
}
$bind = Ldap_bind ($conn, $ldap _admin, $ldap _password);
if (! $bind) {
Die ("<br>bind LDAP Server Error");
}

$filter = ' samaccountname= '. $userid;
$attributes = Array (' mail ');
$result = Ldap_search ($conn, $base _dn, $filter, $attributes);
$info = Ldap_get_entries ($conn, $result);

if (! $result) {
Die ("<br>search failed");
}

if ($info ["Count"]!= 0) {
$user _dn = $info [0]["dn]";
Unset ($bind 2);
$bind 2 = @ldap_bind ($conn, $user _dn, $user _password);
if ($bind 2) {
Login done. Set session
}
}

Ldap_close ($conn);
}


</

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.