php bind ldap to active directory

1
votes

In PHP, how can you bind using a property other than the default cn? (I'm not asking how to validate a user account using LDAP search queries, I'm specifically asking how I can bind using a sAMAaccountname and password in PHP).

In Perl, this is possible by specifying the property to query directly on the LDAP string:

ldap://ldap.example.com/dc=example,dc=com?sAMAccountName

The php ldap_connect funciton only takes a server name so these additional parameters are not able to be passed. Also the bind function only takes a connection, username, and password.

2
phpactive-directoryldap

2 Answers

7
votes

Connect simply opens the connection it doesn't set any credentials on the connection. Once the connection is open you bind it to a set of credentials using ldap_bind.

In connecting to AD you can use 3 different formats for the username.

  1. The DN.
  2. The samAccountName which may or may not need the domain prefixed in it as Domain\samAccountName.
  3. The user principal name which has a format that looks similar to an email address.
0
votes

I have used adLDAP in the past and it's worked incredibly well. If you choose not to use that script, it should at least point you in the correct direction (ahh, the joys of open source).