How can I authenticate from PHP using LDAP when I only have the SamAccountName and Password? Is there a way to bind with just the SamAccountName and Password, without a Distinguished Name? The only examples I have found assume you have the DN:
<?php
$server   = "XXX.XXX.XXX.XXX";
$username = "USERNAME";        // placeholder: not defined in the original snippet
$password = "PASSWORD";        // placeholder: not defined in the original snippet
$filter   = "(cn=$username)";  // placeholder search filter: not defined in the original snippet
$dn = "cn=$username, ";
$basedn = "ou=users, ou=accounts, dc=domain, dc=com";
if (!($connect = ldap_connect($server))) {
    die ("Could not connect to LDAP server");
}
// The bind is where the full DN (cn=..., ou=..., dc=...) is required
if (!($bind = ldap_bind($connect, "$dn" . "$basedn", $password))) {
    die ("Could not bind to $dn");
}
$sr = ldap_search($connect, $basedn, "$filter");
$info = ldap_get_entries($connect, $sr);
$fullname = $info[0]["displayname"][0];
$fqdn = $info[0]["dn"];
In order to authenticate a user with an LDAP directory you first need to obtain their DN as well as their password. With a login form, people typically enter a simple identifier such as their username or email address. You don't expect them to memorise the DN of their directory entry.
LDAP v3 supports three types of authentication: anonymous, simple and SASL authentication.
This works for me. I spent many a day trying to figure this one out.
<?php
//We just need six variables here
$baseDN = 'CN=Users,DC=domain,DC=local';
$adminDN = "YourAdminDN";//this is the admin distinguishedName
$adminPswd = "YourAdminPass";
$username = 'Username';//this is the user samaccountname
$userpass = 'UserPass';
$ldap_conn = ldap_connect('ldaps://yourADdomain.local');//I'm using LDAPS here
if (! $ldap_conn) {
    echo ("<p style='color: red;'>Couldn't connect to LDAP service</p>");
    exit; // nothing below can work without a connection handle
}
else {
    echo ("<p style='color: green;'>Connection to LDAP service successful!</p>");
}
// Active Directory needs LDAPv3, and chasing referrals breaks searches against AD
ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap_conn, LDAP_OPT_REFERRALS, 0);
//The first step is to bind the administrator so that we can search user info
$ldapBindAdmin = ldap_bind($ldap_conn, $adminDN, $adminPswd);
if ($ldapBindAdmin){
    echo ("<p style='color: green;'>Admin binding and authentication successful!!!</p>");
    // Escape the username so it cannot change the structure of the filter
    $filter = '(sAMAccountName='.ldap_escape($username, '', LDAP_ESCAPE_FILTER).')';
    $attributes = array("name", "telephonenumber", "mail", "samaccountname");
    $result = ldap_search($ldap_conn, $baseDN, $filter, $attributes);
    $entries = ldap_get_entries($ldap_conn, $result);
    if ($entries["count"] !== 1) {
        echo ("<p style='color: red;'>User not found (or not unique) in LDAP :(</p>");
        ldap_unbind($ldap_conn);
        exit;
    }
    // The DN is the entry's "dn" key; the "name" attribute is only the CN
    $userDN = $entries[0]["dn"];
    echo ('<p style="color:green;">I have the user DN: '.$userDN.'</p>');
    //Okay, we're in! But now we need to bind the user now that we have the user's DN
    // An empty password makes ldap_bind() do an anonymous bind, which AD allows, so refuse it
    $ldapBindUser = ($userpass !== '') && ldap_bind($ldap_conn, $userDN, $userpass);
    if($ldapBindUser){
        echo ("<p style='color: green;'>User binding and authentication successful!!!</p>");
    } else {
        echo ("<p style='color: red;'>There was a problem binding the user to LDAP :(</p>");
    }
    ldap_unbind($ldap_conn); // Clean up after ourselves.
} else {
    echo ("<p style='color: red;'>There was a problem binding the admin to LDAP :(</p>");
}
?>
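The answer above binds a service account, looks up the user's DN, then binds as the user. As an added example that is not from the question or either answer: against Active Directory the DN lookup can be skipped for the credential check itself, because AD's simple bind accepts `DOMAIN\sAMAccountName` (or the userPrincipalName) as the bind name. The LDAPS URI, the NetBIOS domain name and the `ad_authenticate()` function are assumptions; the DN is then resolved through the RootDSE's defaultNamingContext.

```php
<?php
declare(strict_types=1);

// Added example, not code from the question or the answers above. The URI and
// NetBIOS domain passed to ad_authenticate() are placeholders to be replaced.

/**
 * Authenticate an AD user by sAMAccountName and password without knowing the DN.
 * Active Directory accepts "DOMAIN\sAMAccountName" as the simple-bind name, so
 * the bind itself is the credential check. Returns the user's DN, or null.
 */
function ad_authenticate(string $uri, string $netbiosDomain, string $sam, string $password): ?string
{
    // ldap_bind() with an empty password performs an anonymous bind, which AD
    // permits, so an empty password would otherwise "authenticate" anyone.
    if ($password === '') {
        return null;
    }
    // Conservative allow-list: keeps "\" and "@" out of the bind name so the
    // username cannot turn DOMAIN\user into another name form. Adjust to policy.
    if (!preg_match('/^[A-Za-z0-9._-]{1,20}$/', $sam)) {
        return null;
    }
    $conn = ldap_connect($uri);
    if ($conn === false) {
        return null;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3); // AD requires LDAPv3
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);        // do not chase AD referrals
    try {
        if (!@ldap_bind($conn, $netbiosDomain . '\\' . $sam, $password)) {
            return null; // wrong credentials, disabled/locked account, or server error
        }
        // Resolve the DN of the account we are now bound as: read the default
        // naming context from the RootDSE, then search by sAMAccountName with the
        // value escaped so it cannot alter the filter structure.
        $root = ldap_read($conn, '', '(objectClass=*)', ['defaultNamingContext']);
        $rootEntries = $root ? ldap_get_entries($conn, $root) : false;
        $base = $rootEntries[0]['defaultnamingcontext'][0] ?? null;
        if ($base === null) {
            return null;
        }
        $filter = '(sAMAccountName=' . ldap_escape($sam, '', LDAP_ESCAPE_FILTER) . ')';
        $res = ldap_search($conn, $base, $filter, ['sAMAccountName']);
        $entries = $res ? ldap_get_entries($conn, $res) : false;
        return ($entries['count'] ?? 0) === 1 ? $entries[0]['dn'] : null;
    } finally {
        ldap_unbind($conn);
    }
}

// Usage with placeholder values:
// $dn = ad_authenticate('ldaps://dc1.example.local', 'EXAMPLE', $username, $password);
```

Binding as the user directly also means no service-account password has to live in the web application for the authentication step itself.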