Zeff wrote:
Hi all,
Via a PHP script (running on a LAMP configuration - PHP with LDAP
support), I run queries on the LDAP server of our office (users and
arguments). Now, I want to put the result of this query (user
information) in a Windows 2003 AD.
I use PHP-ldap functions to connect with the domain controller: making
connection is no problem, but binding (authenticated, I even tried
Domain Administrator credentials) doesn't work...
Does anyone has experience with this matter (PHP and AD
connection/communucation)?
Thanks in advance!
Zeff.
I've done a bit of this, it can be a bit brain busting. Does something
like this work? (This should bind to the AD an search for the DN of
JoeUser)
$ldap_def_user = "cn=ldapquery,ou=Users,dc=yourcompany,dc=com";
$ldap_def_pass = "password";
$ldap_server = "server.yourcompany.com";
$ldap_base_dn = "ou=Users,dc=yourcompany,dc=com";
$Connect = ldap_connect($ldap_server) ;
$Bind = ldap_bind($Connect,$ldap_def_user,$ldap_def_pass) ;
if( !$Bind) die "Unable to bind to directory";
$UserName=JoeUser;
$ld_filter = '(sAMAccountName=' . $UserName . ')';
$ld_data = array('dn');
$ld_sr = ldap_search($Connect, $ldap_base_dn, $ld_filter, $ld_data);
$ld_info = ldap_get_entries($ld_connect, $ld_sr);
$ld_count = $ld_info['count'];
if ( $ld_count < 1) die "User doesn't exist";
$ldap_user_dn = $ld_info[0]['dn'];
print("UserName is $ldap_user_dn");
I did have some success with using
ldap_bin("ldaps://us******@server.yourcompany.com") but have lost my
notes on that.
One thing to watch is when you're dealing with the unique identifier of
an object, the GUID. It's specified as a 128 bit octet string, but they
allow NULLS. (What idiot allows a NULL inside a string???) You have to
use binary ldap fetches and convert it into a hex string.
Good luck :-)
Sacs
