Page 1 of 1
PHP LDAP connecting to Active directory
Posted: Tue Apr 21, 2009 9:36 am
by simonmlewis
Hello
I wonder if anyone out there has done much in PHP with LDAP, connecting to AD for an Intranet?
I have built the site, but need to connect with AD, so I can see who has logged on, and assign certain levels of access.
The queries based on levels is straight forward enough - but the LDAP is proving impossible.
I have added this code:
Code: Select all
<?
$ldap = ldap_connect('roy-archive');
if(!$ldap) {
die('Could not connect to LDAP server.');
}
if(!ldap_bind($ldap, $ldap_user, $password)) {
die('Could not bind to LDAP server.');
}
$base_dn = 'dc=name,dc=co,dc=uk';
$search = ldap_search($ldap, $base_dn, 'uid='.$username);
if(ldap_count_entries($ldap, $search) < 1) {
die('Username not found');
}
$info = ldap_get_entries($ldap, $search);
if(isset($info[0]['name'])) {
echo 'Username '.$username.' has name '.$info[0]['name'];
} else {
echo 'Entry -name- not found in username '.$username;
}
ldap_close($ldap);
?>
The error I get is this:
Fatal error: Call to undefined function ldap_connect() in C:\xampp\phpmyadmin\royintranet\index.php on line 7
It looks like LDAP isn't even switched on, but I haven't a clue how to do that. So if anyone can answer it for me, or guide me, I'd be most grateful.
Regards
Simon
Re: PHP LDAP connecting to Active directory
Posted: Tue Apr 21, 2009 7:27 pm
by liljester
before you can use ldap extensions you have to enable them in the php.ini file, under the extensions list.
Re: PHP LDAP connecting to Active directory
Posted: Wed Apr 22, 2009 2:03 am
by simonmlewis
Done that. Still no go.
Re: PHP LDAP connecting to Active directory
Posted: Wed Apr 22, 2009 8:04 am
by liljester
have you restarted your webserver service? does the output from phpinfo() show that you are loading ldap extensions?
Re: PHP LDAP connecting to Active directory
Posted: Wed Apr 22, 2009 8:20 am
by simonmlewis
The web service has been restarted many times as the machien is powered down each night (it's a test machine).
The only place in phpinfo I can see ldap mentioned is in "Loaded Modules".. It says:
mod_isapi util_ldap mode_log_config......
Where is the extensions part?
I found PHP.ini in two locations and both have it uncommented.
Re: PHP LDAP connecting to Active directory
Posted: Wed Apr 22, 2009 8:29 am
by liljester
under Dynamic Extensions in the php.ini, you want to uncomment
im not sure what ldap_util is, but that is not the extension that allows you to use the ldap_ funcitons that youre trying to use.
are you using IIS or Apache?
Re: PHP LDAP connecting to Active directory
Posted: Wed Apr 22, 2009 8:41 am
by simonmlewis
That's been uncommented for a while now.
I am using Apache, via xampp. and it's the latest version.
Problem remains.
Re: PHP LDAP connecting to Active directory
Posted: Wed Apr 22, 2009 8:50 am
by liljester
would you mind posting your php.ini and the output from phpinfo() ?
Re: PHP LDAP connecting to Active directory
Posted: Wed Apr 22, 2009 9:18 am
by simonmlewis
both added as separate rar files.
Re: PHP LDAP connecting to Active directory
Posted: Wed Apr 22, 2009 9:40 am
by liljester
ok, try tweaking your php.ini a bit to:
display_startup_errors = On
log_errors = On
and uncomment this one:
error_log = syslog
and then restart your web server.
in windows, display_startup_errors should alert you with any extensions that arent loading (when you run your first php page after the service restarts) atleast in the past it has when i used IIS. also check the windows event viewer to see if it shows any php errors.
im not sure what all strange things the xamp install does, i dont use it so it makes troubleshooting for me a little more difficult.
also, verify that the php_ldap.dll file is in the extensions folder you specify in your php.ini
Re: PHP LDAP connecting to Active directory
Posted: Wed Apr 22, 2009 9:52 am
by simonmlewis
I get a new error now - maybe it means something more to you:
Warning: ldap_bind() [function.ldap-bind]: Unable to bind to server: Can't contact LDAP server in C:\xampp\phpmyadmin\royintranet\index.php on line 41
LDAP bind failed...
I think all the ini files are in the right place. I even copied the version from the xampp apache bin folder to windows system and system32.
Re: PHP LDAP connecting to Active directory
Posted: Wed Apr 22, 2009 10:37 am
by liljester
the different error means something that you changed fixed your extension problem.
the new issue is that it cant connect to the ldap port on the server you specified. the server you are trying to connect to a windows server with Active Directory installed? and you have the firewall turned off or allowing the proper LDAP port? also try using the fully qualified name of the AD server instead of "roy-archive".
Re: PHP LDAP connecting to Active directory
Posted: Wed Apr 22, 2009 10:47 am
by simonmlewis
Hi
I just managed to "bind".
In between messages here, I updated the code with roy-archive as the ldap connection, and no username or password, and it produced:
LDAP bind successful...
Now just have to see how to use what I have bound to to see if it can see who I am, via AD. I have no idea how that happens....
Re: PHP LDAP connecting to Active directory
Posted: Wed Apr 22, 2009 11:14 am
by simonmlewis
I am wondering whether I even need LDAP now.
I was told I could gather the environment variables through PHP to gather the username logged on.
This ought to work.... shouldn't it?
Code: Select all
if (isset ($HTTP_ENV_VARS))
{
$_ENV = &$HTTP_ENV_VARS;
}
echo 'My username is ' .$_ENV["USER"] . '!';
...but it doesn't. It's like pulling teeth.
All I need is the username of the person logged onto the PC. If I can get that, I am home free. Just assign that to a cookie and all sorted.
Re: PHP LDAP connecting to Active directory
Posted: Thu Apr 23, 2009 3:31 am
by simonmlewis
I found something useful last night that worked - it asked for the persons username etc (which you'd just instruct people to enter their windows logon to:
Code: Select all
<?php
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="Test"');
header('HTTP/1.0 401 Unauthorized');
echo 'Sorry, you must enter your normal logon details here.';
exit;
} else {
echo "welcome";
}
echo "you are {$_SERVER['PHP_AUTH_USER']}";
?>
But I had a problem with a site so had to clear authenticated sessions and cookies. Now I run the page (that did work), I get this:
Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\phpmyadmin\royintranet\index.php:2) in
I have restarted Apache, restarted the PC and still I get this error.
Any ideas?