Thursday, September 19, 2013

PHP - Using php5-ldap to interact with Microsoft Active Directory from Linux

To let the php5-ldap library connect to a Microsoft Windows Active Directory server from Linux, follow these steps:

1. Install the OpenLDAP library:

sudo apt-get install slapd ldap-utils

2. Modify the LDAP client config file at /etc/ldap/ldap.conf (important):

#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE   dc=example,dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

# TLS certificates (needed for GnuTLS)
# TLS_CACERT    /etc/ssl/certs/ca-certificates.crt

# add this (the client will not request or check the server certificate)
TLS_REQCERT never

3. Write a test script and run:

<?php
// Connect to the AD server over LDAPS.
$ldap = ldap_connect("ldaps://172.18.1.2");
// Use LDAPv3 and do not chase referrals.
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

$password = "P@ssw0rd";
$binddn = "CN=Admin,OU=ArtificialUsers,DC=MyDomain,DC=COM";

// Bind with the DN and password; ldap_bind() returns false on failure.
if ($bind = ldap_bind($ldap, $binddn, $password)) {
    echo "logged in";
} else {
    echo "fail";
}
echo "done";
?>

So the result will look like this if you connect to the AD server successfully:



\m/\m/\m/
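
Step 2's TLS_REQCERT never makes libldap skip server certificate checks, so the ldaps:// session is encrypted but the server is not authenticated. The script below is an added example, not part of the original post: it flags such lines in an ldap.conf-style file and prints a corrected copy that pins a CA file and sets TLS_REQCERT demand. The function names and the CA path /etc/ssl/certs/ad-root-ca.pem are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit and correct the TLS
# settings in an ldap.conf-style file.

# List every active TLS_REQCERT line that does not enforce verification.
# Keywords are case-insensitive; only "demand" and "hard" (demand is the
# libldap default) reject an untrusted server certificate.
weak_reqcert_lines() {
    awk 'tolower($1) == "tls_reqcert" &&
         tolower($2) != "demand" && tolower($2) != "hard" {
             print FILENAME ":" NR ": " $0
         }' "$1"
}

# Return 0 when no weak TLS_REQCERT line is present, 1 otherwise.
audit_ldap_conf() {
    found=$(weak_reqcert_lines "$1")
    [ -z "$found" ] && return 0
    echo "$found"
    return 1
}

# Print a corrected copy: drop active TLS_REQCERT/TLS_CACERT lines, then
# pin the CA file given as $2 and require a valid server certificate.
harden_ldap_conf() {
    awk -v ca="$2" '
        tolower($1) == "tls_reqcert" || tolower($1) == "tls_cacert" { next }
        { print }
        END {
            print "TLS_CACERT  " ca
            print "TLS_REQCERT demand"
        }' "$1"
}

# Constructed sample: the TLS-related lines of the ldap.conf from step 2.
sample_conf() {
    cat <<'EOF'
# TLS certificates (needed for GnuTLS)
# TLS_CACERT    /etc/ssl/certs/ca-certificates.crt
# add this
TLS_REQCERT never
EOF
}

# Demo: audit the sample and, if it is weak, print the corrected config.
# The CA path is a hypothetical location for the exported AD root CA.
tmp=$(mktemp); sample_conf > "$tmp"
audit_ldap_conf "$tmp" || harden_ldap_conf "$tmp" /etc/ssl/certs/ad-root-ca.pem
rm -f "$tmp"
```

With verification enforced, the ldap_connect() URI has to use a host name that appears in the domain controller's certificate; a bare IP address such as the one in step 3 will normally not match.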