Thursday, September 19, 2013

PHP - Using php5-ldap to interact with Microsoft Active Directory from Linux

To let the php5-ldap library talk to a Microsoft Windows Active Directory server, do the following:

1. Install the OpenLDAP library:

sudo apt-get install slapd ldap-utils

2. Modify the LDAP config file at /etc/ldap/ldap.conf (important):

# LDAP Defaults

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE   dc=example,dc=com
#URI    ldap:// ldap://

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

# TLS certificates (needed for GnuTLS)
# TLS_CACERT    /etc/ssl/certs/ca-certificates.crt

# add this

3. Write a test script and run:

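<?php
$ldap = ldap_connect("ldaps://");
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); // speak LDAPv3
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);        // do not follow referrals
$binddn = "CN=Admin,OU=ArtificialUsers,DC=MyDomain,DC=COM";
// Assumption: the bind password is supplied in this environment variable.
$password = getenv("LDAP_BIND_PASSWORD");

if ($bind = ldap_bind($ldap, $binddn, $password)) {
    echo "logged in";
} else {
    echo "fail";
}
echo "done";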

So the result will look like this if you connect to the AD server successfully:
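
When the bind fails, the test script only prints "fail". The following added example (not part of the original post) shows one way to report why Active Directory rejected the bind, by reading the sub-code in the server's diagnostic message. It assumes PHP 7 or later; the function names and the sample diagnostic string are constructed for illustration.

```php
<?php
// Sub-codes Active Directory reports as "data XXX" in the bind diagnostic message.
const AD_BIND_SUBCODES = [
    '525' => 'user not found',
    '52e' => 'invalid credentials',
    '530' => 'logon not permitted at this time',
    '531' => 'logon not permitted from this workstation',
    '532' => 'password expired',
    '533' => 'account disabled',
    '701' => 'account expired',
    '773' => 'user must reset password',
    '775' => 'account locked out',
];

// Extract the hex sub-code from an AD diagnostic string and map it to a reason.
function explain_ad_bind_error(string $diagnostic): string
{
    if (preg_match('/\bdata\s+([0-9a-f]{3,4})\b/i', $diagnostic, $m)) {
        $code = strtolower($m[1]);
        return AD_BIND_SUBCODES[$code] ?? "unrecognised sub-code $code";
    }
    return 'no AD sub-code in diagnostic message';
}

// Bind and return [success, reason]. Keep the reason in server-side logs and
// show end users only a generic failure message.
function ad_bind_check(string $uri, string $binddn, string $password): array
{
    // A DN with an empty password is an unauthenticated bind and can "succeed".
    if ($password === '') {
        return [false, 'empty password refused'];
    }
    $ldap = ldap_connect($uri);
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
    if (@ldap_bind($ldap, $binddn, $password)) {
        return [true, 'bound'];
    }
    $diag = '';
    ldap_get_option($ldap, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);
    return [false, ldap_error($ldap) . ': ' . explain_ad_bind_error((string) $diag)];
}

// Constructed sample of the diagnostic text AD returns for a wrong password.
$sample = '80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 52e, v1db1';
echo explain_ad_bind_error($sample), PHP_EOL;
```

To test against a real server, call ad_bind_check() with your own ldaps:// URI, the bind DN and the password.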