php ldap

Active Directory integration with WordPress and LDAP


I am implementing WordPress authentication with Active Directory credentials using LDAP. For this I have a dedicated service account ‘user’. With this service account I am not able to get the complete user list, which is required for authentication purposes. I am not sure, but it could be a case of permissions on the service account.

I am able to connect to AD with the service account, but when I try to query for users, it returns nothing. I need the whole user list from AD.

// config
$ldapserver = 'My server';
$ldapport   = 389;
$ldapuser   = 'User';
$ldappass   = 'password';
$ldaptree   = "complete String";

// connect
$ldapconn = ldap_connect($ldapserver, $ldapport) or die("Could not connect to LDAP server.");

if ($ldapconn) {
    // binding to ldap server
    $ldapbind = ldap_bind($ldapconn, $ldapuser, $ldappass) or die("Error trying to bind: " . ldap_error($ldapconn));

    // verify binding
    if ($ldapbind) {
        echo "LDAP bind successful...<br /><br />";

        $filter = "(&(&(&(objectCategory=person)(objectClass=user))))";
        $result = ldap_search($ldapconn, $ldaptree, $filter) or die("Error in search query: " . ldap_error($ldapconn));
        $data = ldap_get_entries($ldapconn, $result);

        // SHOW ALL DATA (escaped, because directory values are not trusted HTML)
        echo '<h1>Dump all data</h1><pre>';
        echo htmlspecialchars(print_r($data, true));
        echo '</pre>';

        // iterate over array and print data for each entry
        echo '<h1>Show me the users</h1>';
        for ($i = 0; $i < $data["count"]; $i++) {
            //echo "dn is: ". $data[$i]["dn"] ."<br />";
            echo "User: " . htmlspecialchars($data[$i]["cn"][0]) . "<br />";
            if (isset($data[$i]["mail"][0])) {
                echo "Email: " . htmlspecialchars($data[$i]["mail"][0]) . "<br /><br />";
            } else {
                echo "Email: None<br /><br />";
            }
        }

        // print number of entries found
        echo "Number of entries found: " . ldap_count_entries($ldapconn, $result);
    } else {
        echo "LDAP bind failed...";
    }
}

// all done? clean up
ldap_close($ldapconn);

Solution

  • Here is a guide / code snippet for authenticating using PHP and Active Directory. If you are dead set on retrieving ALL users for some reason, simply modify the filter, and then remove the break statement in the for loop.

    http://www.exchangecore.com/blog/how-use-ldap-active-directory-authentication-php/
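
An added example (not from the original post or the linked guide) of authenticating one user without pulling the whole directory: bind as the service account, look up a single entry by an escaped `sAMAccountName`, then re-bind as that entry with the supplied password. The host, base DN and the function name `ad_authenticate` are assumptions; setting protocol version 3 and disabling referrals are the usual client settings for Active Directory searches and are assumed here, not a confirmed diagnosis of the question's empty result.

```php
<?php
// Added example: constructed placeholders, replace with your own values.
const LDAP_URI = 'ldaps://dc01.example.test:636'; // LDAPS so the bind password is not sent in clear text
const BASE_DN  = 'DC=example,DC=test';

/** Returns ['dn', 'cn', 'mail'] for the user on success, or null on any failure. */
function ad_authenticate(string $login, string $password, string $svcDn, string $svcPass): ?array
{
    // A simple bind with an empty password is treated as an unauthenticated
    // bind and can succeed, so reject it before contacting the server.
    if ($login === '' || $password === '') {
        return null;
    }
    $conn = ldap_connect(LDAP_URI);
    if ($conn === false) {
        return null;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0); // do not chase referrals from the domain root
    try {
        // Step 1: bind as the service account, which only needs read access.
        if (!@ldap_bind($conn, $svcDn, $svcPass)) {
            return null;
        }
        // Step 2: find exactly one user. ldap_escape() stops filter injection
        // through characters such as '*', '(' and ')' in the login name.
        $filter = '(&(objectCategory=person)(objectClass=user)(sAMAccountName='
                . ldap_escape($login, '', LDAP_ESCAPE_FILTER) . '))';
        $result = @ldap_search($conn, BASE_DN, $filter, ['cn', 'mail'], 0, 2);
        if ($result === false) {
            return null;
        }
        $entries = ldap_get_entries($conn, $result);
        if ($entries['count'] !== 1) {
            return null; // unknown or ambiguous login
        }
        // Step 3: the password check is a bind as the user's own DN.
        if (!@ldap_bind($conn, $entries[0]['dn'], $password)) {
            return null;
        }
        return [
            'dn'   => $entries[0]['dn'],
            'cn'   => $entries[0]['cn'][0] ?? '',
            'mail' => $entries[0]['mail'][0] ?? null,
        ];
    } finally {
        ldap_unbind($conn);
    }
}
```

Return the same generic failure to the caller for every `null` case so the login form does not reveal which accounts exist.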