Friday, September 27, 2013

php5-ldap - Useful LDAP snippet

This is a super useful PHP snippet to debug an LDAP search:

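#==============================================================================
# Configuration
#==============================================================================
# LDAP
# Several URIs may be listed, separated by spaces; both use ldaps:// here.
# NOTE(review): whether the server certificate is actually verified depends on
# the LDAP client library's TLS settings (e.g. TLS_REQCERT in ldap.conf) -
# confirm that verification is not disabled on the host running this.
$ldap_url = "ldaps://ldap.server1 ldaps://ldap.server2";
# NOTE(review): this looks like a directory manager DN. A search only needs
# read access, so a dedicated low-privilege bind account is the safer choice.
$ldap_binddn = "cn=manager,dc=example,dc=com";
# Sample value. Keep the real bind password out of the script and out of
# version control (environment variable or a file readable only by the
# service user).
$ldap_bindpw = "P@ssw0rd";
$ldap_base = "dc=example,dc=com";
#$ldap_filter = "(&(objectClass=person)(uid={login}))";
# Active Directory variant: 1.2.840.113556.1.4.803 is the bitwise-AND matching
# rule and bit 2 of userAccountControl marks a disabled account, so the
# negated clause excludes disabled users.
$ldap_filter = "(&(objectClass=user)(sAMAccountName={login})(!(userAccountControl:1.2.840.113556.1.4.803:=2)))";


# Hard-coded for debugging. If this value ever comes from a request it is
# untrusted input and must be escaped before it reaches the filter (see below).
$login = "genius";


# Connect to LDAP
# ldap_connect() returns false when the URI cannot be parsed; the original
# snippet passed that straight to ldap_set_option()/ldap_bind().
$ldap = ldap_connect($ldap_url);
if ( $ldap === false ) {
    $result = "ldaperror";
    error_log("LDAP - Connect error (could not initialise connection)");
} else {
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    # Do not follow referrals returned by the server.
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

    # Bind
    # isset() is also true for an empty string. Many servers treat a bind with
    # a DN and an empty password as an anonymous bind that succeeds, so make
    # sure the configured password is non-empty when authentication is wanted.
    if ( isset($ldap_binddn) && isset($ldap_bindpw) ) {
        $bind = ldap_bind($ldap, $ldap_binddn, $ldap_bindpw);
    } else {
        $bind = ldap_bind($ldap);
    }

    $errno = ldap_errno($ldap);
    if ( $errno ) {
        $result = "ldaperror";
        error_log("LDAP - Bind error $errno  (".ldap_error($ldap).")");
    } else {
        # Search for user
        # Escape filter metacharacters ( ) * \ and NUL in the login before
        # substituting it, so the value cannot change the filter's structure.
        # ldap_escape() requires PHP >= 5.6.
        $safe_login = ldap_escape($login, "", LDAP_ESCAPE_FILTER);
        $ldap_filter = str_replace("{login}", $safe_login, $ldap_filter);
        $search = ldap_search($ldap, $ldap_base, $ldap_filter);

        $errno = ldap_errno($ldap);
        if ( $search === false || $errno ) {
            $result = "ldaperror";
            error_log("LDAP - Search error $errno  (".ldap_error($ldap).")");
        } else {
            $data = ldap_get_entries($ldap, $search);
            # print all the data
            # No attribute list is passed to ldap_search(), so this dumps every
            # attribute the bind account can read. Debug use only: do not leave
            # this reachable on a web server.
            print_r($data);
        }
    }

    # Release the connection once the script is done with it.
    ldap_unbind($ldap);
}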