Link to home
Start Free TrialLog in
Avatar of msosno
msosno

asked on

LDAP Active Directory Syntax

I need to write PHP code to connect to active directory using LDAP and perform several reads. The parameters that will be read are: user name, office/building address, email, phone, and department,  The code will be a few PHP functions. The problem is that active directory is not installed yet. The code will be tested with another LDAP server.
Does active directory have the same syntax as other LDAP directories (cn = user name, and so on)? Is it safe to write the code and test it with another LDAP server?
Avatar of Chris Dent
Chris Dent
Flag of United Kingdom of Great Britain and Northern Ireland image


In part.

The attribute names you're working with are likely to differ significantly. For the fields you quote above the attribute names are:

Username -> sAMAccountName
Office Name -> physicalDeliveryOfficeName
Street -> streetAddress
Post / Zip Code -> postalCodel
State -> st
City -> l
Country -> c
Email -> mail
Phone -> telephoneNumber
Department -> department

Then you may find yourself working with the structure of the directory, depending on how you're retrieving the data.

Chris
Avatar of msosno
msosno

ASKER

Thanks for your response! I am connecting with PHP and it can search for distinguished name.
http://us2.php.net/ldap
I have two questions:
1. It looks like CN, C and other parameters are the same for all LDAP directories, am I right (see the table in the middle: http://www.rlmueller.net/LDAP_Binding.htm ) ?
2. The main thing that worries me, will I be able to write code for an LDAP server other than active directory and then make it work with active directory easily (just by changing variable names (if necessary)?
ASKER CERTIFIED SOLUTION
Avatar of Chris Dent
Chris Dent
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of msosno

ASKER

Thanks. The fields that really interest me are also IP Address and Mac Address.
Does active directory store all this information in one record? For example, does a record for user contain IP Address, MAC address, owner's name and so on? Or is it up to the administrator how these records are populated?

It doesn't store those at all I'm afraid. You'd have to retrieve those by other means (nslookup, ping, etc for IP).

Chris
Avatar of msosno

ASKER

ok, thanks for your help. I am just curious, do experts get paid somehow?

Nope, all entirely voluntary.

Chris
This might help (from my website):
http://www.wisesoft.co.uk/Scripts/activedirectoryschema.aspx

It maps the attributes in the user interface to their "real" names in the directory.