PHP LDAP connecting to Active directory

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
simonmlewis
DevNet Master
Posts: 4435
Joined: Wed Oct 08, 2008 3:39 pm
Location: United Kingdom
Contact:

PHP LDAP connecting to Active directory

Post by simonmlewis »

Hello

I wonder if anyone out there has done much in PHP with LDAP, connecting to AD for an Intranet?

I have built the site, but need to connect with AD, so I can see who has logged on, and assign certain levels of access.

The queries based on levels is straight forward enough - but the LDAP is proving impossible.

I have added this code:

Code: Select all

<?
$ldap = ldap_connect('roy-archive');
 
if(!$ldap) {
  die('Could not connect to LDAP server.');
}
 
if(!ldap_bind($ldap, $ldap_user, $password)) {
  die('Could not bind to LDAP server.');
}
 
$base_dn = 'dc=name,dc=co,dc=uk';
$search = ldap_search($ldap, $base_dn, 'uid='.$username);
if(ldap_count_entries($ldap, $search) < 1) {
  die('Username not found');
}
 
$info = ldap_get_entries($ldap, $search);
 
if(isset($info[0]['name'])) {
  echo 'Username '.$username.' has name '.$info[0]['name'];
} else {
  echo 'Entry -name- not found in username '.$username;
}
 
ldap_close($ldap);
?>
The error I get is this:
Fatal error: Call to undefined function ldap_connect() in C:\xampp\phpmyadmin\royintranet\index.php on line 7
It looks like LDAP isn't even switched on, but I haven't a clue how to do that. So if anyone can answer it for me, or guide me, I'd be most grateful.

Regards
Simon
Love PHP. Love CSS. Love learning new tricks too.
All the best from the United Kingdom.
User avatar
liljester
Forum Contributor
Posts: 400
Joined: Tue May 20, 2003 4:49 pm

Re: PHP LDAP connecting to Active directory

Post by liljester »

before you can use ldap extensions you have to enable them in the php.ini file, under the extensions list.
simonmlewis
DevNet Master
Posts: 4435
Joined: Wed Oct 08, 2008 3:39 pm
Location: United Kingdom
Contact:

Re: PHP LDAP connecting to Active directory

Post by simonmlewis »

Done that. Still no go.
Love PHP. Love CSS. Love learning new tricks too.
All the best from the United Kingdom.
User avatar
liljester
Forum Contributor
Posts: 400
Joined: Tue May 20, 2003 4:49 pm

Re: PHP LDAP connecting to Active directory

Post by liljester »

have you restarted your webserver service? does the output from phpinfo() show that you are loading ldap extensions?
simonmlewis
DevNet Master
Posts: 4435
Joined: Wed Oct 08, 2008 3:39 pm
Location: United Kingdom
Contact:

Re: PHP LDAP connecting to Active directory

Post by simonmlewis »

The web service has been restarted many times as the machien is powered down each night (it's a test machine).

The only place in phpinfo I can see ldap mentioned is in "Loaded Modules".. It says:
mod_isapi util_ldap mode_log_config......
Where is the extensions part?

I found PHP.ini in two locations and both have it uncommented.
Love PHP. Love CSS. Love learning new tricks too.
All the best from the United Kingdom.
User avatar
liljester
Forum Contributor
Posts: 400
Joined: Tue May 20, 2003 4:49 pm

Re: PHP LDAP connecting to Active directory

Post by liljester »

under Dynamic Extensions in the php.ini, you want to uncomment

Code: Select all

extension=php_ldap.dll
im not sure what ldap_util is, but that is not the extension that allows you to use the ldap_ funcitons that youre trying to use.

are you using IIS or Apache?
simonmlewis
DevNet Master
Posts: 4435
Joined: Wed Oct 08, 2008 3:39 pm
Location: United Kingdom
Contact:

Re: PHP LDAP connecting to Active directory

Post by simonmlewis »

That's been uncommented for a while now.

I am using Apache, via xampp. and it's the latest version.

Problem remains.
Love PHP. Love CSS. Love learning new tricks too.
All the best from the United Kingdom.
User avatar
liljester
Forum Contributor
Posts: 400
Joined: Tue May 20, 2003 4:49 pm

Re: PHP LDAP connecting to Active directory

Post by liljester »

would you mind posting your php.ini and the output from phpinfo() ?
simonmlewis
DevNet Master
Posts: 4435
Joined: Wed Oct 08, 2008 3:39 pm
Location: United Kingdom
Contact:

Re: PHP LDAP connecting to Active directory

Post by simonmlewis »

both added as separate rar files.
Attachments
phpinfo.rar
(7.51 KiB) Downloaded 87 times
php.rar
The PHP.ini file from xampp/apache/bin.
(14.72 KiB) Downloaded 87 times
Love PHP. Love CSS. Love learning new tricks too.
All the best from the United Kingdom.
User avatar
liljester
Forum Contributor
Posts: 400
Joined: Tue May 20, 2003 4:49 pm

Re: PHP LDAP connecting to Active directory

Post by liljester »

ok, try tweaking your php.ini a bit to:

display_startup_errors = On
log_errors = On

and uncomment this one:
error_log = syslog

and then restart your web server.

in windows, display_startup_errors should alert you with any extensions that arent loading (when you run your first php page after the service restarts) atleast in the past it has when i used IIS. also check the windows event viewer to see if it shows any php errors.

im not sure what all strange things the xamp install does, i dont use it so it makes troubleshooting for me a little more difficult.

also, verify that the php_ldap.dll file is in the extensions folder you specify in your php.ini
simonmlewis
DevNet Master
Posts: 4435
Joined: Wed Oct 08, 2008 3:39 pm
Location: United Kingdom
Contact:

Re: PHP LDAP connecting to Active directory

Post by simonmlewis »

I get a new error now - maybe it means something more to you:
Warning: ldap_bind() [function.ldap-bind]: Unable to bind to server: Can't contact LDAP server in C:\xampp\phpmyadmin\royintranet\index.php on line 41
LDAP bind failed...
I think all the ini files are in the right place. I even copied the version from the xampp apache bin folder to windows system and system32.
Love PHP. Love CSS. Love learning new tricks too.
All the best from the United Kingdom.
User avatar
liljester
Forum Contributor
Posts: 400
Joined: Tue May 20, 2003 4:49 pm

Re: PHP LDAP connecting to Active directory

Post by liljester »

the different error means something that you changed fixed your extension problem.

the new issue is that it cant connect to the ldap port on the server you specified. the server you are trying to connect to a windows server with Active Directory installed? and you have the firewall turned off or allowing the proper LDAP port? also try using the fully qualified name of the AD server instead of "roy-archive".
simonmlewis
DevNet Master
Posts: 4435
Joined: Wed Oct 08, 2008 3:39 pm
Location: United Kingdom
Contact:

Re: PHP LDAP connecting to Active directory

Post by simonmlewis »

Hi
I just managed to "bind".

In between messages here, I updated the code with roy-archive as the ldap connection, and no username or password, and it produced:
LDAP bind successful...
Now just have to see how to use what I have bound to to see if it can see who I am, via AD. I have no idea how that happens....
Love PHP. Love CSS. Love learning new tricks too.
All the best from the United Kingdom.
simonmlewis
DevNet Master
Posts: 4435
Joined: Wed Oct 08, 2008 3:39 pm
Location: United Kingdom
Contact:

Re: PHP LDAP connecting to Active directory

Post by simonmlewis »

I am wondering whether I even need LDAP now.

I was told I could gather the environment variables through PHP to gather the username logged on.

This ought to work.... shouldn't it?

Code: Select all

 
    if (isset ($HTTP_ENV_VARS))
    {
        $_ENV = &$HTTP_ENV_VARS;
    }
echo 'My username is ' .$_ENV["USER"] . '!';
...but it doesn't. It's like pulling teeth.

All I need is the username of the person logged onto the PC. If I can get that, I am home free. Just assign that to a cookie and all sorted.
Love PHP. Love CSS. Love learning new tricks too.
All the best from the United Kingdom.
simonmlewis
DevNet Master
Posts: 4435
Joined: Wed Oct 08, 2008 3:39 pm
Location: United Kingdom
Contact:

Re: PHP LDAP connecting to Active directory

Post by simonmlewis »

I found something useful last night that worked - it asked for the persons username etc (which you'd just instruct people to enter their windows logon to:

Code: Select all

<?php
if (!isset($_SERVER['PHP_AUTH_USER'])) {
    header('WWW-Authenticate: Basic realm="Test"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Sorry, you must enter your normal logon details here.';
    exit;
} else {
echo "welcome";
}
 
 
echo "you are {$_SERVER['PHP_AUTH_USER']}";
?>
But I had a problem with a site so had to clear authenticated sessions and cookies. Now I run the page (that did work), I get this:
Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\phpmyadmin\royintranet\index.php:2) in
I have restarted Apache, restarted the PC and still I get this error.

Any ideas?
Love PHP. Love CSS. Love learning new tricks too.
All the best from the United Kingdom.
Post Reply