Authenticating in PHP using LDAP through Active Directory

Question

I'm looking for a way to authenticate users through LDAP with PHP (with Active Directory being the provider). Ideally, it should be able to run on IIS 7 (adLDAP does it on Apache). Anyone had done anything similar, with success?

• Edit: I'd prefer a library/class with code that's ready to go... It'd be silly to invent the wheel when someone has already done so.

Answer 1

PHP has libraries: http://ca.php.net/ldap

PEAR also has a number of packages: http://pear.php.net/search.php?q=ldap&in=packages&x=0&y=0

I haven't used either, but I was going to at one point and they seemed like they should work.

Answer 2

I like the Zend_Ldap Class, you can use only this class in your project, without the Zend Framework.

Answer 3

I do this simply by passing the user credentials to ldap_bind().

http://php.net/manual/en/function.ldap-bind.php

If the account can bind to LDAP, it's valid; if it can't, it's not. If all you're doing is authentication (not account management), I don't see the need for a library.

Answer 4

Importing a whole library seems inefficient when all you need is essentially two lines of code...

$ldap = ldap_connect("ldap.example.com")
if($bind = ldap_bind($ldap, $_POST['username'], $_POST['password'])) {
  // log them in!
} else {
  // error message
}

Answer 5

Thanks this is simple and works!

$ldap = ldap_connect("ldap.example.com"); if($bind = ldap_bind($ldap, $_POST['username'], $_POST['password'])) { // log them in! } else { // error message }

Is there a way to return the username used to bind? I've tried a few things and I get no value. Would like the username becuase the intranet has secure and unsecure sections that are based on user.

Thanks