jetstar51
asked on
Authentication with Active Directory in PHP
I am creating a site and want to use Active Directory users as the login to the site. This would be the best way to allow everyone to the site and keep the users and passwords up to date. How do you use PHP to talk with Active Directory to do this login? I have read things about LDAP. Do you have to have that? If so, how do you get that to work?
Any information on using Active Directory with PHP would help.
Thanks in advance,
Ryan
Any information on using Active Directory with PHP would help.
Thanks in advance,
Ryan
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I saw the first site before. I understand now that I need to use LDAP. That leaves one problem; I can't get LDAP to work with PHP. I read php.net and LDAP pages, but I don't understand how to set up LDAP (step-by-step) and I dont know how to recompile php to include LDAP. I am new with this stuff so it might be really easy.
I just need to get LDAP to workand to interact with PHP. Thanks for your help so far. I will give you all the points if I can get it all to work. Good Luck.
Ryan
I just need to get LDAP to workand to interact with PHP. Thanks for your help so far. I will give you all the points if I can get it all to work. Good Luck.
Ryan
ASKER
Basically, I dont know enough to follow those sites propperly. I am decent at PHP, but not with stuff like LDAP.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Someone also stated that you might have to restart the server itself before it works.
ASKER
So it automatically works with active directory? How do you find out what LDAP syntax works with your active directory (and server name conventions)?
ASKER
For example, I can get the LDAP to connect and bind.....but i get errors when i try to search. I think I am bound to the wrong place.
THis is from http://ca3.php.net/ldap again. You should have a look at it. (Especially the user comments at the bottom)
Maybe this will help you:
From FWIW:
Before anyone else wastes a day scratching their head wondering why they can't search Active Directory...
I wasn't able to search on Active Directory until I did this (immediately after the ldap_connect):
ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
I was able to ldap_bind if I didn't set this option, but I kept receiving errors. Also note, I had to set the option BEFORE binding.
Maybe this will help you:
From FWIW:
Before anyone else wastes a day scratching their head wondering why they can't search Active Directory...
I wasn't able to search on Active Directory until I did this (immediately after the ldap_connect):
ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION,
I was able to ldap_bind if I didn't set this option, but I kept receiving errors. Also note, I had to set the option BEFORE binding.
ASKER
i tried that....and still get
Warning: ldap_search(): Search: Operations error
thanks...i will give you the points, its up to you if you want to help me further.
Ryan
Warning: ldap_search(): Search: Operations error
thanks...i will give you the points, its up to you if you want to help me further.
Ryan
ASKER
sorry, meant to give A
I guess you'll have to test it yourself, I cant really help you since a lot of this depends on your server & security stuff.
For reference, I had this same problem.
We had a 2000 server, then upgraded to 2003 and we got the Operations errors all over the place.
The way I eventaully got rid of the "ldap_search(): Search: Operations error" is by doing the following:
// Immediatly after a connect...
// Fix for Windows 2003 AD
ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($connect, LDAP_OPT_REFERRALS, 0);
Sites used:
[1] http://us3.php.net/ldap_search
[2] https://www.experts-exchange.com/questions/21043386/Authentication-with-Active-Directory-in-PHP.html
We had a 2000 server, then upgraded to 2003 and we got the Operations errors all over the place.
The way I eventaully got rid of the "ldap_search(): Search: Operations error" is by doing the following:
// Immediatly after a connect...
// Fix for Windows 2003 AD
ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION,
ldap_set_option($connect, LDAP_OPT_REFERRALS, 0);
Sites used:
[1] http://us3.php.net/ldap_search
[2] https://www.experts-exchange.com/questions/21043386/Authentication-with-Active-Directory-in-PHP.html
Yet.