Authenticating in PHP using LDAP through Active Directory

php active directory authentication script
php active directory authentication single sign-on
php ldap get user info
how to use ldap
ldap active directory
ldap authentication tutorial
php ldap_bind
php get active directory users

I'm looking for a way to authenticate users through LDAP with PHP (with Active Directory being the provider). Ideally, it should be able to run on IIS 7 (adLDAP does it on Apache). Anyone had done anything similar, with success?

  • Edit: I'd prefer a library/class with code that's ready to go... It'd be silly to invent the wheel when someone has already done so.

Importing a whole library seems inefficient when all you need is essentially two lines of code...

$ldap = ldap_connect("ldap.example.com");
if ($bind = ldap_bind($ldap, $_POST['username'], $_POST['password'])) {
  // log them in!
} else {
  // error message
}

Authenticating in PHP using LDAP through Active Directory, A brief tutorial on how to use LDAP to connect to Active Directory with PHP. Useful for authentication to Active Directory with PHP. Goal: Use LDAP and PHP to authenticate with Active Directory Prerequisites: PHP LDAP extension , Working knowledge of PHP Many times in enterprise environments you already have an active directory server and all the users you would ever want to access something have an account there.

Using LDAP Active Directory Authentication with PHP :: ExchangeCore, ldap_compare — Compare value of attribute found in entry specified with DN which can be useful for work with LDAP (Active Directory in this example). Teams. Q&A for Work. Stack Overflow for Teams is a private, secure spot for you and your coworkers to find and share information.

I do this simply by passing the user credentials to ldap_bind().

http://php.net/manual/en/function.ldap-bind.php

If the account can bind to LDAP, it's valid; if it can't, it's not. If all you're doing is authentication (not account management), I don't see the need for a library.

LDAP Functions - Manual, Login to your PHP API applications with Active Directory / LDAP Includes, identity management, single sign on, multifactor authentication, social login and more. A common request when building INTRANET web applications is to have users use only one common shared set of login credentials. Typically in most small and medium businesses this means that logging into a Windows Server of some kind to access the network.

I like the Zend_Ldap Class, you can use only this class in your project, without the Zend Framework.

PHP LDAP Tutorial Part 1 - Connect to LDAP Server, Windows Servers use Active Directory (AD) ,which is basically We can leverage this by using PHP's LDAP module to perform the login check  This video shows how you can quickly add Azure Active Directory authentication to a PHP application using the Magium Active Directory integration found at ht

PHP has libraries: http://ca.php.net/ldap

PEAR also has a number of packages: http://pear.php.net/search.php?q=ldap&in=packages&x=0&y=0

I haven't used either, but I was going to at one point and they seemed like they should work.

PHP LDAP Tutorial Part 3, adLDAP is a PHP class that provides LDAP authentication and integration with Active Directory. Intelligent Active Directory integration with PHP was a holy grail​  MySQL Enterprise Edition provides ready to use external authentication modules to easily integrate existing security infrastructures, including Linux Pluggable Authentication Modules (PAM) and Windows Active Directory. By authenticating MySQL users from centralized directories, organizations can implement Single Sign On.

Authenticate PHP API with Active Directory / LDAP, Just a quickie for anyone looking to authorise users on a PHP driven website by directly connecting to a Windows Server's Active Directory using LDAP. The little​  LDAP user authentication is the process of validating a username and password combination with a directory server such MS Active Directory, OpenLDAP or OpenDJ. LDAP directories are standard technology for storaging user, group and permission information and serving that to applications in the enterprise. Authenticating users with an LDAP directory is a two-step process. This article explains the mechanics of it and then how to configure it in LdapAuth.

PHP on Linux authenticate users with a Windows Server Active , Develop faster with Okta's out-of-the-box authentication, authorization & user management. LDAP is the standard protocol for reading data from and writing data to Active Directory (AD) domain controllers. AD LDAP traffic is unsecured by default, which makes it possible to use network-monitoring software to view the LDAP traffic between clients and domain controllers. By default,

adLDAP, Only enter one set of credentials to access web apps in the cloud and behind the firewall. Previous versions of Retain do not have the ability to authenticate via LDAP with Active Directory. For previous versions, please contact support. 2. Go into the GroupWise module | Configure | LDAP. 3. Fill out the LDAP information to connect to the Active Directory. Save the changes. 4. Stop the Retain-tomcat service.

Comments
  • I thinks drupal has a module for thatr
  • Some installations of AD will bind successfully if the password provided is empty. Watch out for this! You may need to ensure a non-empty password before trying to authenticate.
  • @diolemo Is there any way to prevent this without checking if the password is empty?
  • @Neal You may be able to use ldap_set_option to make it behave in a different way. Perhaps setting the protocol version? You will have to experiment. I would personally suggest you check for an empty password anyway, just to be safe.
  • @diolemo I made a new question related to this.
  • To the anonymous editor: no, to my knowledge, input sanitization isn't required here as ldap_bind would be handling it and special characters aren't an issue.
  • For LDAP connections, TLS has been deprecated in favor of StartTLS: openldap.org/faq/data/cache/605.html.
  • @zenlord Using the ldaps:// format for the connection is deprecated. In my example, when you specify setUseTls(true) it uses ldap:// format and then issues a StartTLS using ldap_start_tls($connection). So TLS itself hasn't been deprecated, just connecting using ldaps:// (which actually connects to LDAP over a completely different port).
  • I went through the trouble of implementing the above to find that was for managing not authenticating. I intend to switch to zend.auth.adapter.ldap