Page 1 of 1

php and LDAP

Posted: Mon Oct 06, 2008 10:51 am
by potato_chip
I would like to know if anyone has configured Open LDAP on Windows XP enviroment. I have WAMP installed on my computer (Apache2.2.8, php5.2.6, MySQL 5.0.51).

My boss is asking me to build an intranet site. Here is what should happen:
1. The php application will recognizes who the users are using Active Directory information without having to log in again.
2. Be able to pull employee information from Active Directory (eg, name, department, hire date, etc...)

I did some reearch and find that the solution is to use PHP/LDAP. But LDAP is for Linux/Unix environment. And I have no clue how to make the configuration for my Windows XP. Could anybody help me!!!!! SOS! I'm quite new to PHP and LDAP. Thank you very much!

Re: php and LDAP

Posted: Mon Oct 06, 2008 8:57 pm
by Doug G
Active Directory is an LDAP server. With proper permissions your code can query the AD database, I assume you can make it happen from PHP code. Windows provides some objects that allow querying AD from script, look around the MS website.

Re: php and LDAP

Posted: Tue Oct 07, 2008 11:31 am
by batfastad
I think that's possible!
I'm not sure about how Apache/PHP will know that a particular user is logged in to the LDAP server though.
I think the user would still have to give their credentials to Apache/PHP so that PHP can access the LDAP server and they can connect.

I am planning a similar thing, once we switch from Exchange/AD to a different mail solution (Zimbra).
But people will still have to enter their credentials to login to our intranet PHP/MySQL server.

I was planning to use an Apache auth_ldap module so that user's enter their email username/password into the Apache auth box.
There appears to be 2 different modules: http://httpd.apache.org/docs/2.2/mod/mo ... _ldap.html and http://www.muquit.com/muquit/software/m ... _ldap.html
At the moment I have to manage users and passwords in 2 places: on our Exchange server, and also in a .htpasswd file on our intranet server. By using Apache's auth_ldap module I am hoping I can get Apache to auth against an LDAP server, so I don't need to update a .htpasswd file as well.

My second step would be to have PHP read the user's full name and email address from their LDAP entry.
But I might not actually do this... because of the way my solution is structured it would mean PHP connecting to LDAP and querying the information on every single page on our intranet - that might add some time to each script.

There's some non-standard things with LDAP and MS Exchange though.
We use SBS 2003 and I have been unable to connect to our server using LDAP, using the reference LDAP browser (http://www.mcs.anl.gov/~gawor/ldap/).
ActiveDirectory LDAP runs on a non-standard port (3268). I wanted a way for our Thunderbird IMAP users to access the Exchange GAL and a few days ago I found this (http://mckenzie-electronics.com/documen ... rbird.html) and successfully got it working.
So PHP should be able to connect through LDAP without any problems.

I have not tried this with PHP yet, but there is a whole host of LDAP functions in PHP (http://uk.php.net/manual/en/ref.ldap.php)
Check your phpinfo() to see if you have PHP's mod_ldap enabled
I think many people have acheived what you're looking for!

HTH, Ben