The Lightweight Directory Access Protocol (LDAP) is an application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. In this post we'll see how to connect to an LDAP server (an Active Directory domain controller in the example below) using PHP's ldap extension. Basic knowledge of PHP is required to follow along.
Steps to implement LDAP using PHP
Step 1: Prepare an array to pass as settings to connect LDAP server
$settings = array(
'server' => '10.**.25*.25', // LDAP Server
'account' => '*******************', // LDAP Account Name
'password' => '**********', // LDAP Password for above account name
'path' => '***************************' // Path to connect LDAP Server
);
Step 2: Connect to LDAP server
ldap_connect() is used to initialise a connection to the LDAP server. Note that in current PHP versions it only parses the host or URI and returns a link identifier; no network traffic is sent until the first operation (normally ldap_bind()). It returns false only if the host/URI is syntactically invalid, so a wrong hostname or a down server will surface at bind time, not here. Pass the server as an ldaps:// URI (or call ldap_start_tls() after connecting) so that the credentials sent in Step 2 are not transmitted in clear text.
if (!$ds = ldap_connect($settings['server']))
{
// if unable to connect, error message will be displayed
echo 'Unable to connect to LDAP server at ' . $settings['server'];
exit(0);
}
Set the protocol options on the link before binding. Version 3 is required by Active Directory. Referral chasing is enabled here; against Active Directory it is common to have to set LDAP_OPT_REFERRALS to 0 instead, because chasing referrals returned for searches from the domain root is a frequent cause of an "Operations error" on ldap_search().
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, true);
ldap_set_option($ds, LDAP_OPT_DEREF, LDAP_DEREF_ALWAYS);
Once a connection is established, the next step is to "bind" it to the LDAP server via the ldap_bind() function call. This is a simple bind with a service account, so the password travels in clear text unless the link uses ldaps:// or STARTTLS. Bind failures should be logged server-side; echoing ldap_error() output to the browser, as the snippet below does, is fine while debugging but leaks server details in production.
if (!$r = ldap_bind($ds, $settings['account'], $settings['password']))
{
/* if unable to bind, ldap_errno — Return the LDAP error number of the last LDAP command and
ldap_error — Return the LDAP error message of the last LDAP command */
echo 'Unable to bind to LDAP server at ' . $settings['server'] . '. Error: ' . ldap_errno($ds) . ' - ' . ldap_error($ds);
exit(0);
}
Step 3: Searching in LDAP tree
Set the username to look up. This assumes the web server has already authenticated the user (for example IIS with Integrated Windows Authentication), in which case the account name is available in $_SERVER['AUTH_USER']; other servers expose it as $_SERVER['REMOTE_USER']. The original used a slash to mean "one or the other"; in PHP that would be a division, so use the null-coalescing operator instead:
$username = $_SERVER['AUTH_USER'] ?? $_SERVER['REMOTE_USER'];
An array of the required attributes
$attributes = array('mail', 'sn', 'givenName');
ldap_search() takes three required parameters - the LDAP link identifier, the DN of the location in the LDAP hierarchy where the search should begin, and the search filter - plus an optional fourth parameter listing the attributes to return (omit it to get all attributes). The return value is a result set with the entries that match the filter. Because the filter is built from a value that comes from the request, it must be escaped with ldap_escape() and LDAP_ESCAPE_FILTER; otherwise characters such as ( ) * \ in the username change the meaning of the filter (LDAP injection).
$sr = ldap_search($ds, $settings['path'], '(sAMAccountName=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')', $attributes);
A count of all the entries in the result set can be obtained via a call to ldap_count_entries()
if ((!ldap_count_entries($ds, $sr)) )
{
/* if no entry matches the username, display an error (HTML-escape the value before echoing it) */
echo 'User ' . htmlspecialchars($username) . ' not found.';
exit(0);
}
Get all result entries.
$info = ldap_get_entries($ds, $sr);
Step 4: Closing LDAP connection
Once the result set has been processed, the connection to the LDAP server can be closed via a call to ldap_close(), which is an alias of ldap_unbind().
ldap_close($ds);
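The four steps above as one complete script, written as an added example for this post (it is not the original author's code). It assumes PHP 8 with the ldap extension, reads the connection details from environment variables named LDAP_URI, LDAP_BIND_DN, LDAP_BIND_PW and LDAP_BASE_DN (names chosen here, not taken from the post), and keeps the filter safe with ldap_escape(), which rewrites `*`, `(`, `)`, `\` and NUL as `\2a`, `\28`, `\29`, `\5c` and `\00`. It also strips the "DOMAIN\" prefix that IIS puts in AUTH_USER, upgrades a plain ldap:// link with STARTTLS before binding, disables referral chasing for Active Directory, and logs bind errors instead of echoing them.

```php
<?php
// Added example, not the post's original code. Assumed: PHP >= 8.0 with ext/ldap,
// and connection settings in the environment variables below.
declare(strict_types=1);

/**
 * Build the sAMAccountName filter with the request-controlled value escaped.
 * Without ldap_escape(), a username such as "*)(objectClass=*" would turn the
 * filter into a match for every object; with it the metacharacters are
 * encoded and the value can only ever match a literal sAMAccountName.
 */
function buildUserFilter(string $username): string
{
    // IIS Integrated Windows Authentication exposes AUTH_USER as "DOMAIN\user";
    // sAMAccountName holds only the part after the backslash.
    $pos = strrpos($username, '\\');
    if ($pos !== false) {
        $username = substr($username, $pos + 1);
    }
    return '(sAMAccountName=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';
}

/**
 * Look up one user and return the requested attributes (first value each),
 * or null when no entry matches. Throws RuntimeException on connection,
 * TLS, bind or search failure.
 */
function lookupUser(array $settings, string $username, array $attributes): ?array
{
    // Step 2: ldap_connect() only parses the URI; nothing is sent yet.
    $ds = ldap_connect($settings['uri']);
    if ($ds === false) {
        throw new RuntimeException('Invalid LDAP URI: ' . $settings['uri']);
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);        // AD: avoid "Operations error"
    ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 5);  // do not hang the request

    // Never send the bind password over a plain ldap:// link.
    if (stripos($settings['uri'], 'ldaps://') !== 0 && !ldap_start_tls($ds)) {
        throw new RuntimeException('STARTTLS failed: ' . ldap_error($ds));
    }

    try {
        if (!@ldap_bind($ds, $settings['bind_dn'], $settings['bind_pw'])) {
            // Keep the detail in the server log; the browser gets a generic message.
            error_log('LDAP bind failed: ' . ldap_errno($ds) . ' ' . ldap_error($ds));
            throw new RuntimeException('Directory unavailable');
        }

        // Step 3: escaped filter, size limit 1 since sAMAccountName is unique.
        $sr = ldap_search($ds, $settings['base_dn'], buildUserFilter($username), $attributes, 0, 1);
        if ($sr === false) {
            throw new RuntimeException('LDAP search failed: ' . ldap_error($ds));
        }
        if (ldap_count_entries($ds, $sr) < 1) {
            return null;
        }

        $entry = ldap_first_entry($ds, $sr);
        $attrs = ldap_get_attributes($ds, $entry);
        $result = [];
        for ($i = 0; $i < $attrs['count']; $i++) {
            $name = $attrs[$i];
            $result[$name] = $attrs[$name][0];
        }
        return $result;
    } finally {
        // Step 4: ldap_close() is an alias of ldap_unbind().
        ldap_unbind($ds);
    }
}

// Step 1: settings. Environment variable names are assumptions of this example.
$settings = [
    'uri'     => getenv('LDAP_URI') ?: 'ldaps://ldap.example.com',
    'bind_dn' => getenv('LDAP_BIND_DN') ?: '',
    'bind_pw' => getenv('LDAP_BIND_PW') ?: '',
    'base_dn' => getenv('LDAP_BASE_DN') ?: 'DC=example,DC=com',
];

$username = $_SERVER['AUTH_USER'] ?? $_SERVER['REMOTE_USER'] ?? null;
if ($username === null) {
    http_response_code(401);
    exit('Not authenticated');
}

try {
    $user = lookupUser($settings, $username, ['mail', 'sn', 'givenName']);
} catch (RuntimeException $e) {
    http_response_code(503);
    exit(htmlspecialchars($e->getMessage()));
}
if ($user === null) {
    http_response_code(404);
    exit('User ' . htmlspecialchars($username) . ' not found.');
}
header('Content-Type: application/json');
echo json_encode($user);
```

Run it under a web server that performs the authentication (so AUTH_USER or REMOTE_USER is set) with the four environment variables pointing at a reachable directory. Setting LDAP_OPT_REFERRALS to 0 rather than true is deliberate: with Active Directory the referrals returned for a search from the domain root otherwise cause the search itself to fail.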