Active Directory Authentication with LDAP – PHP

Implementation short notes: the solution shown here was implemented on a Windows 2012 server with IIS and PHP over FastCGI. Make sure that you have enabled or compiled the LDAP module in PHP. Where the $ADServer variable is defined, you can specify either the host name of the domain controller or its IP address. The example also includes a simple echo to show how to access attributes of the Active Directory account that is logging in, as well as a var_dump so that you can see what the object contains. Remove both once you know which information you are after.


 * Sample Solution process explained here
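<?php
// Only attempt a bind when both fields were submitted and are non-empty.
// A simple bind with an empty password is an unauthenticated bind, which
// the server can report as successful without checking any credential.
if (isset($_POST['username'], $_POST['password'])
    && $_POST['username'] !== '' && $_POST['password'] !== '') {

    // Host name or IP address of the domain controller goes after ldap://
    $ADServer = "ldap://";

    $ldap = ldap_connect($ADServer);
    $username = $_POST['username'];
    $password = $_POST['password'];

    // DOMAIN\username form used for the bind
    $ldaprdn = 'mydomain' . "\\" . $username;

    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

    // @ suppresses the PHP warning on bad credentials; $bind is then false
    $bind = @ldap_bind($ldap, $ldaprdn, $password);

    if ($bind) {
        // Escape the user-supplied name before placing it in the search filter
        $filter = "(sAMAccountName=" . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ")";
        $result = ldap_search($ldap, "dc=MYDOMAIN,dc=COM", $filter);
        $info = ldap_get_entries($ldap, $result);
        for ($i = 0; $i < $info["count"]; $i++) {
            // More than one match is ambiguous, so stop
            if ($info['count'] > 1) {
                break;
            }
            echo "<p>You are accessing <strong> ". $info[$i]["sn"][0] .", " . $info[$i]["givenname"][0] ."</strong><br /> (" . $info[$i]["samaccountname"][0] .")</p>\n";
            echo '<pre>';
            var_dump($info); // debugging aid: remove once you know what you need
            echo '</pre>';
            $userDn = $info[$i]["distinguishedname"][0];
        }
    } else {
        $msg = "Invalid email address / password";
        echo $msg;
    }
} else {
?>
    <form action="#" method="POST">
        <label for="username">Username: </label><input id="username" type="text" name="username" />
        <label for="password">Password: </label><input id="password" type="password" name="password" />
        <input type="submit" name="submit" value="Submit" />
    </form>
<?php } ?>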
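
A hardened variant of the bind-and-lookup flow above, as an added example that is not part of the original post: it rejects empty credentials, upgrades the connection with StartTLS before the password is sent, escapes the search filter, and HTML-escapes what it prints. The URI `ldap://dc.example.test`, the function name `adAuthenticate` and the username allow-list are assumptions; the domain and base DN are the page's placeholders.

```php
<?php
// Assumed values, not from the page: replace with your own environment.
const AD_URI     = 'ldap://dc.example.test'; // hypothetical domain controller
const AD_DOMAIN  = 'mydomain';               // placeholder domain used on the page
const AD_BASE_DN = 'dc=MYDOMAIN,dc=COM';     // placeholder base DN used on the page

// Returns the matching directory entry on success, null on any failure.
function adAuthenticate($username, $password): ?array
{
    // An empty password would make this an unauthenticated bind, which a
    // directory server may answer with success without checking anything.
    if (!is_string($username) || !is_string($password) || $password === '') {
        return null;
    }
    // Allow-list for logon names (an assumption; match your naming policy).
    if (!preg_match('/^[A-Za-z0-9._-]{1,64}$/', $username)) {
        return null;
    }
    $ldap = ldap_connect(AD_URI);
    if ($ldap === false) {
        return null;
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
    // Upgrade to TLS before the password is sent; never fall back to cleartext.
    if (!@ldap_start_tls($ldap) || !@ldap_bind($ldap, AD_DOMAIN . '\\' . $username, $password)) {
        return null;
    }
    // Escape for filter context as well, independent of the allow-list.
    $filter = '(sAMAccountName=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';
    $result = ldap_search($ldap, AD_BASE_DN, $filter, ['sn', 'givenname', 'samaccountname']);
    $info = $result ? ldap_get_entries($ldap, $result) : false;
    ldap_unbind($ldap);
    // Exactly one entry must match; zero or several is treated as failure.
    return ($info !== false && $info['count'] === 1) ? $info[0] : null;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $user = adAuthenticate($_POST['username'] ?? null, $_POST['password'] ?? null);
    if ($user === null) {
        echo 'Invalid username / password'; // same message for every failure
    } else {
        // Directory values are data, not markup: escape before output.
        $esc = fn($v) => htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8');
        echo '<p>You are accessing <strong>' . $esc($user['sn'][0] ?? '') . ', '
            . $esc($user['givenname'][0] ?? '') . '</strong><br /> ('
            . $esc($user['samaccountname'][0] ?? '') . ')</p>';
    }
}
```

Whether the server certificate is verified during StartTLS depends on the TLS settings of the LDAP client library PHP is built against, so check those before relying on it.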
