php and LDAP

Need help installing PHP, configuring a script, or configuring a server? Then come on in and post your questions! We'll try to help the best we can!

Moderator: General Moderators

Post Reply
potato_chip
Forum Newbie
Posts: 20
Joined: Mon Oct 06, 2008 10:38 am

php and LDAP

Post by potato_chip »

I would like to know if anyone has configured Open LDAP on Windows XP enviroment. I have WAMP installed on my computer (Apache2.2.8, php5.2.6, MySQL 5.0.51).

My boss is asking me to build an intranet site. Here is what should happen:
1. The php application will recognizes who the users are using Active Directory information without having to log in again.
2. Be able to pull employee information from Active Directory (eg, name, department, hire date, etc...)

I did some reearch and find that the solution is to use PHP/LDAP. But LDAP is for Linux/Unix environment. And I have no clue how to make the configuration for my Windows XP. Could anybody help me!!!!! SOS! I'm quite new to PHP and LDAP. Thank you very much!
Doug G
Forum Contributor
Posts: 282
Joined: Sun Sep 09, 2007 6:27 pm

Re: php and LDAP

Post by Doug G »

Active Directory is an LDAP server. With proper permissions your code can query the AD database, I assume you can make it happen from PHP code. Windows provides some objects that allow querying AD from script, look around the MS website.
User avatar
batfastad
Forum Contributor
Posts: 433
Joined: Tue Mar 30, 2004 4:24 am
Location: London, UK

Re: php and LDAP

Post by batfastad »

I think that's possible!
I'm not sure about how Apache/PHP will know that a particular user is logged in to the LDAP server though.
I think the user would still have to give their credentials to Apache/PHP so that PHP can access the LDAP server and they can connect.

I am planning a similar thing, once we switch from Exchange/AD to a different mail solution (Zimbra).
But people will still have to enter their credentials to login to our intranet PHP/MySQL server.

I was planning to use an Apache auth_ldap module so that user's enter their email username/password into the Apache auth box.
There appears to be 2 different modules: http://httpd.apache.org/docs/2.2/mod/mo ... _ldap.html and http://www.muquit.com/muquit/software/m ... _ldap.html
At the moment I have to manage users and passwords in 2 places: on our Exchange server, and also in a .htpasswd file on our intranet server. By using Apache's auth_ldap module I am hoping I can get Apache to auth against an LDAP server, so I don't need to update a .htpasswd file as well.

My second step would be to have PHP read the user's full name and email address from their LDAP entry.
But I might not actually do this... because of the way my solution is structured it would mean PHP connecting to LDAP and querying the information on every single page on our intranet - that might add some time to each script.

There's some non-standard things with LDAP and MS Exchange though.
We use SBS 2003 and I have been unable to connect to our server using LDAP, using the reference LDAP browser (http://www.mcs.anl.gov/~gawor/ldap/).
ActiveDirectory LDAP runs on a non-standard port (3268). I wanted a way for our Thunderbird IMAP users to access the Exchange GAL and a few days ago I found this (http://mckenzie-electronics.com/documen ... rbird.html) and successfully got it working.
So PHP should be able to connect through LDAP without any problems.

I have not tried this with PHP yet, but there is a whole host of LDAP functions in PHP (http://uk.php.net/manual/en/ref.ldap.php)
Check your phpinfo() to see if you have PHP's mod_ldap enabled
I think many people have acheived what you're looking for!

HTH, Ben
Post Reply