Avatar of jetstar51
jetstar51 asked on

Authentication with Active Directory in PHP

I am creating a site and want to use Active Directory users as the login to the site.  This would be the best way to allow everyone to the site and keep the users and passwords up to date.  How do you use PHP to talk with Active Directory to do this login?  I have read things about LDAP.  Do you have to have that?  If so, how do you get that to work?

Any information on using Active Directory with PHP would help.  

Thanks in advance,
Ryan
PHP

Avatar of undefined
Last Comment
kd7edh

8/22/2022 - Mon
Richard Quadling

Oh. Nice question. Pity I know nothing about Active Directory.

Yet.
SOLUTION
Richard Quadling

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
ASKER
jetstar51

I saw the first site before.  I understand now that I need to use LDAP.  That leaves one problem; I can't get LDAP to work with PHP.  I read php.net and LDAP pages, but I don't understand how to set up LDAP (step-by-step) and I dont know how to recompile php to include LDAP.  I am new with this stuff so it might be really easy.

I just need to get LDAP to workand to interact with PHP.  Thanks for your help so far.  I will give you all the points if I can get it all to work.  Good Luck.

Ryan
ASKER
jetstar51

Basically, I dont know enough to follow those sites propperly.  I am decent at PHP, but not with stuff like LDAP.
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
ASKER CERTIFIED SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
TheClickMaster

Someone also stated that you might have to restart the server itself before it works.
ASKER
jetstar51

So it automatically works with active directory?  How do you find out what LDAP syntax works with your active directory (and server name conventions)?
ASKER
jetstar51

For example, I can get the LDAP to connect and bind.....but i get errors when i try to search.  I think I am bound to the wrong place.  
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
TheClickMaster

THis is from http://ca3.php.net/ldap again. You should have a look at it. (Especially the user comments at the bottom)

Maybe this will help you:

From FWIW:

Before anyone else wastes a day scratching their head wondering why they can't search Active Directory...
I wasn't able to search on Active Directory until I did this (immediately after the ldap_connect):

ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);

I was able to ldap_bind if I didn't set this option, but I kept receiving errors.  Also note, I had to set the option BEFORE binding.
ASKER
jetstar51

i tried that....and still get

Warning: ldap_search(): Search: Operations error

thanks...i will give you the points, its up to you if you want to help me further.

Ryan
ASKER
jetstar51

sorry, meant to give A
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
TheClickMaster

I guess you'll have to test it yourself, I cant really help you since a lot of this depends on your server & security stuff.
kd7edh

For reference, I had this same problem.

We had a 2000 server, then upgraded to 2003 and we got the Operations errors all over the place.

The way I eventaully got rid of the "ldap_search(): Search: Operations error" is by doing the following:

// Immediatly after a connect...
// Fix for Windows 2003 AD
ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($connect, LDAP_OPT_REFERRALS, 0);


Sites used:
[1] http://us3.php.net/ldap_search
[2] https://www.experts-exchange.com/Web/Web_Languages/PHP/PHP_Windows/Q_21043386.html