Creating an LDAP Server With PHP

Tags:

php

ldap

I'm looking to create a web based application in PHP that receives LDAP requests and sends LDAP responses back, but doesn't actually use an LDAP server. Specifically I'd like to make the contacts table in a MySQL database available to Thunderbird as an LDAP address book.

Two Questions:

  1. Is there an existing library for implementing an LDAP server with PHP? (The PHP_LDAP package is for creating an LDAP client, where the PHP application connects to an existing LDAP server.)

  2. How does LDAP data actually get from the client into my script? Does LDAP travel over HTTP? Where the request would show up in:

    $HTTP_RAW_POST_DATA
    

or similar? Can Apache handle LDAP requests and pass them into my script or is it a completely different protocol that requires a different "listener" application to handle?

Nick asked May 18 '11 03:05


2 Answers

It's possible to create a pure PHP LDAP server with this library (I wrote it initially for LDAP client purposes):

https://github.com/FreeDSx/LDAP

It works on the basis of a request handler (just an interface) for client requests. Basically you extend a class that will handle client requests and send a response back (in the case of a search anyway). A basic example:

  1. Create a request handler extending the generic request handler in the library:

    namespace Foo;

    use FreeDSx\Ldap\Entry\Entries;
    use FreeDSx\Ldap\Entry\Entry;
    use FreeDSx\Ldap\Operation\Request\SearchRequest;
    use FreeDSx\Ldap\Server\RequestContext;
    use FreeDSx\Ldap\Server\RequestHandler\GenericRequestHandler;

    class LdapRequestHandler extends GenericRequestHandler
    {
        /**
         * Demo credentials (username => plaintext password), for illustration only.
         *
         * @var array
         */
        protected $users = [
            'user' => '12345',
        ];

        /**
         * Validates the username/password of a simple bind request
         *
         * @param string $username
         * @param string $password
         * @return bool
         */
        public function bind(string $username, string $password): bool
        {
            return isset($this->users[$username]) && $this->users[$username] === $password;
        }

        /**
         * Override the search request. This must send back an entries object.
         *
         * @param RequestContext $context
         * @param SearchRequest $search
         * @return Entries
         */
        public function search(RequestContext $context, SearchRequest $search): Entries
        {
            // Do your logic here with the search request, return entries...
            return new Entries(
                Entry::create('cn=Foo,dc=FreeDSx,dc=local', [
                    'cn' => 'Foo',
                    'sn' => 'Bar',
                    'givenName' => 'Foo',
                ]),
                Entry::create('cn=Chad,dc=FreeDSx,dc=local', [
                    'cn' => 'Chad',
                    'sn' => 'Sikorra',
                    'givenName' => 'Chad',
                ])
            );
        }
    }

  2. Using the request handler, create an LDAP server process that listens on port 389 for clients:

    use FreeDSx\Ldap\LdapServer;
    use Foo\LdapRequestHandler;

    $server = new LdapServer([ 'request_handler' => LdapRequestHandler::class ]);
    $server->run();

There are more docs on the server component of the library here:

https://github.com/FreeDSx/LDAP/tree/master/docs/Server

A few caveats to this:

  • Currently no paging / vlv support for the server
  • Currently no way to return controls from the request handler back to the client.
ChadSikorra answered Sep 24 '22 18:09
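
The `bind()` in the answer above compares against plaintext demo passwords. As an added example (not part of the original answer and not FreeDSx code), here is a credential check that a `bind(string $username, string $password): bool` handler could delegate to; the class name `BindCredentialCheck` and the sample user are assumptions made for illustration.

```php
<?php
// Hypothetical helper for a bind() handler; not part of the FreeDSx library.
final class BindCredentialCheck
{
    /** @var array<string,string> username => password_hash() output */
    private array $hashes;
    private string $dummyHash;

    public function __construct(array $hashes)
    {
        $this->hashes = $hashes;
        // Verified against when the user is unknown, so both paths cost one hash.
        $this->dummyHash = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
    }

    public function verify(string $username, string $password): bool
    {
        // RFC 4513 section 5.1.2: a name sent with an empty password is an
        // unauthenticated bind, not proof of identity, so refuse it outright.
        if ($username === '' || $password === '') {
            return false;
        }
        $known = isset($this->hashes[$username]);
        $hash = $known ? $this->hashes[$username] : $this->dummyHash;
        $ok = password_verify($password, $hash);

        return $known && $ok;
    }
}

// Constructed sample data: the answer's demo user, stored as a hash instead of plaintext.
$check = new BindCredentialCheck(['user' => password_hash('12345', PASSWORD_DEFAULT)]);
var_dump($check->verify('user', '12345'));   // matching password
var_dump($check->verify('user', ''));        // empty password is refused
var_dump($check->verify('nobody', '12345')); // unknown user still costs one hash
```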


The LDAP protocol is not natively handled by Apache, and I've not seen any Apache modules that handle that protocol. I don't believe you'll be able to do it using PHP through Apache. You might be able to implement a pure PHP server (see http://php.net/manual/en/function.stream-socket-server.php) and then implement the LDAP protocol packet parser in PHP as well. I don't believe there is a native ASN1 parser for PHP, but you might be able to find one in C and somehow integrate it.

Femi answered Sep 23 '22 18:09
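
On the question of how LDAP data reaches a script: the client sends BER-encoded `LDAPMessage` bytes over a TCP connection, not HTTP, so a socket listener has to decode them itself. This added example (not part of the original answers and not code from any library named on the page) decodes the envelope of one message and the fields of a BindRequest with bounds checks; the function names, the size cap and the sample bytes are assumptions constructed for illustration.

```php
<?php
const MAX_VALUE_BYTES = 65536; // assumed cap for this sketch; size it to your deployment

// Read one BER TLV at $pos; returns [tag, value, offset after the TLV].
function readTlv(string $buf, int $pos): array
{
    if ($pos + 2 > strlen($buf)) {
        throw new UnexpectedValueException('truncated TLV header');
    }
    [$tag, $len, $pos] = [ord($buf[$pos]), ord($buf[$pos + 1]), $pos + 2];
    if (($tag & 0x1f) === 0x1f || $len === 0x80) {
        throw new UnexpectedValueException('multi-byte tag or indefinite length');
    }
    if ($len > 0x80) { // long form: low 7 bits give the number of length octets
        $n = $len & 0x7f;
        if ($n > 3 || $pos + $n > strlen($buf)) {
            throw new UnexpectedValueException('bad length encoding');
        }
        for ($len = 0; $n > 0; $n--) {
            $len = ($len << 8) | ord($buf[$pos++]);
        }
    }
    if ($len > MAX_VALUE_BYTES || $pos + $len > strlen($buf)) {
        throw new UnexpectedValueException('length exceeds buffer or cap');
    }
    return [$tag, substr($buf, $pos, $len), $pos + $len];
}

// Decode one LDAPMessage envelope and, for a BindRequest, its fields.
function parseLdapMessage(string $pdu): array
{
    [$tag, $body] = readTlv($pdu, 0);
    [$idTag, $id, $pos] = readTlv($body, 0);
    [$opTag, $op] = readTlv($body, $pos);
    if ($tag !== 0x30 || $idTag !== 0x02 || $id === '' || strlen($id) > 4) {
        throw new UnexpectedValueException('not an LDAPMessage envelope');
    }
    $msg = ['messageID' => hexdec(bin2hex($id)), 'opTag' => $opTag];
    if ($opTag === 0x60) { // [APPLICATION 0] BindRequest
        [, $version, $p] = readTlv($op, 0);
        [, $name, $p] = readTlv($op, $p);
        [$authTag, $cred] = readTlv($op, $p);
        $msg += ['version' => hexdec(bin2hex($version)), 'name' => $name,
                 'simpleAuth' => $authTag === 0x80, 'emptyPassword' => $cred === ''];
    }
    return $msg;
}

// Constructed sample: simple bind, messageID 1, version 3, DN "cn=test", password "secret".
print_r(parseLdapMessage(hex2bin('3019020101601402010304' . '07636e3d74657374' . '8006736563726574')));
```

Every length is checked against the remaining buffer before any `substr()` call, so a truncated or oversized message from the network raises an exception instead of being silently misparsed.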