LDAP Active Directory Syntax

I need to write PHP code to connect to active directory using LDAP and perform several reads. The parameters that will be read are: user name, office/building address, email, phone, and department,  The code will be a few PHP functions. The problem is that active directory is not installed yet. The code will be tested with another LDAP server.
Does active directory have the same syntax as other LDAP directories (cn = user name, and so on)? Is it safe to write the code and test it with another LDAP server?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Chris DentPowerShell DeveloperCommented:

In part.

The attribute names you're working with are likely to differ significantly. For the fields you quote above the attribute names are:

Username -> sAMAccountName
Office Name -> physicalDeliveryOfficeName
Street -> streetAddress
Post / Zip Code -> postalCodel
State -> st
City -> l
Country -> c
Email -> mail
Phone -> telephoneNumber
Department -> department

Then you may find yourself working with the structure of the directory, depending on how you're retrieving the data.

msosnoAuthor Commented:
Thanks for your response! I am connecting with PHP and it can search for distinguished name.
I have two questions:
1. It looks like CN, C and other parameters are the same for all LDAP directories, am I right (see the table in the middle: http://www.rlmueller.net/LDAP_Binding.htm ) ?
2. The main thing that worries me, will I be able to write code for an LDAP server other than active directory and then make it work with active directory easily (just by changing variable names (if necessary)?
Chris DentPowerShell DeveloperCommented:

1. Common Name and Domain Component are used in all X500 compliant directories, including Active Directory. So those at least carry easily.

2. In theory, yes I don't see why not. But I couldn't give you a fully qualified, practically backed, answer to that.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

msosnoAuthor Commented:
Thanks. The fields that really interest me are also IP Address and Mac Address.
Does active directory store all this information in one record? For example, does a record for user contain IP Address, MAC address, owner's name and so on? Or is it up to the administrator how these records are populated?
Chris DentPowerShell DeveloperCommented:

It doesn't store those at all I'm afraid. You'd have to retrieve those by other means (nslookup, ping, etc for IP).

msosnoAuthor Commented:
ok, thanks for your help. I am just curious, do experts get paid somehow?
Chris DentPowerShell DeveloperCommented:

Nope, all entirely voluntary.

This might help (from my website):

It maps the attributes in the user interface to their "real" names in the directory.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.