Active Directory Lookup in PHP

I’ve found it necessary to do some searching of LDAP on a Windows server from a PHP script. It took a while to compile everything I needed, and I thought it’d be helpful if someone else had this code for their use. Read on to find out how to perform an LDAP search against AD.

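function connectLDAP($server,$user,$password) {

    // An empty password turns the simple bind into an unauthenticated
    // (anonymous) bind, which the server may accept, so refuse it here
    if ($password === null || $password === "") {
        die("Refusing to bind with an empty password");
    }

    // Issue the connect command. With OpenLDAP 2.x ldap_connect() only
    // sets up the connection parameters; the server is contacted by the bind.
    // With a plain ldap:// URI the bind sends the password unencrypted,
    // so use an ldaps:// URI or call ldap_start_tls() before binding.
    $ad_connect=ldap_connect($server) or
        die ("Could not connect to LDAP");

    // These options are required for MS Active Directory
    ldap_set_option($ad_connect, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ad_connect, LDAP_OPT_REFERRALS, 0);

    // Bind to AD with the username and password
    $ds_connect = ldap_bind($ad_connect,$user,$password) or
        die("Couldn't bind to AD!");

    // Return handler
    return $ad_connect;
}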

function disconnectLDAP($handle) {

    // Disconnect from the server
    ldap_unbind($handle);

}

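function searchLDAP($ad,$query,$root,$sort) {

    // Query the LDAP server
    // Future: want to adjust the array on the fly later, such as objectclass
    $sr=ldap_search($ad, $root, $query);

    // A malformed filter or a server error returns false; report no entries
    if ($sr === false) {
        return array("count" => 0);
    }

    // Generate the array
    $info = ldap_get_entries($ad, $sr);

    // If a sort field was requested, adjust the list.
    // ldap_sort() was deprecated in PHP 7.0 and removed in PHP 8.0,
    // so the entries are sorted in PHP instead.
    if ($sort) {
        $key = strtolower($sort); // ldap_get_entries() lower-cases attribute names
        $count = $info["count"];
        unset($info["count"]);
        usort($info, function ($a, $b) use ($key) {
            return strcasecmp($a[$key][0] ?? "", $b[$key][0] ?? "");
        });
        $info["count"] = $count;
    }

    return $info;

}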

// $AD_Server, $AD_User, $AD_Password and $AD_Root must be set before this point
$ad = connectLDAP($AD_Server,$AD_User,$AD_Password);
$query = "(&(objectClass=person)(SAMAccountName=*))"; // Put whatever you want here
$sort = "";

$info = searchLDAP($ad, $query, $AD_Root, $sort);

if ($info["count"]>0) {
    // $info is an array
}

disconnectLDAP($ad);

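The above is a basic search. What is important to note is how the returned array works. It is a multi-dimensional array: $info[$i] is the i-th entry, $info[$i][$j] is the name of the j-th attribute in that entry, and the values of an attribute are stored under that name. To access data, you will need to cycle through the entries and their fields,

$info[$i][$info[$i][$j]][0];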
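The loop over that array, written out as an added example (not part of the original post). flattenEntries() is a hypothetical helper name, and the sample $info is constructed to match the shape ldap_get_entries() returns, so the script runs without a directory server:

```php
<?php
// Added example: turn the nested array returned by ldap_get_entries()
// into one associative array per entry. flattenEntries() is a hypothetical helper.
function flattenEntries(array $info): array
{
    $entries = [];
    for ($i = 0; $i < $info["count"]; $i++) {
        $entry = ["dn" => $info[$i]["dn"], "attrs" => []];
        // $info[$i]["count"] is the number of attributes in this entry
        for ($j = 0; $j < $info[$i]["count"]; $j++) {
            $name = $info[$i][$j];       // attribute name, lower-cased by PHP
            $values = $info[$i][$name];  // ["count" => n, 0 => ..., 1 => ...]
            unset($values["count"]);     // drop the bookkeeping key
            $entry["attrs"][$name] = array_values($values);
        }
        $entries[] = $entry;
    }
    return $entries;
}

// Constructed sample in the shape ldap_get_entries() returns (not real directory data)
$info = [
    "count" => 1,
    0 => [
        "cn" => ["count" => 1, 0 => "Jane Doe"],
        0 => "cn",
        "samaccountname" => ["count" => 1, 0 => "jdoe"],
        1 => "samaccountname",
        "memberof" => [
            "count" => 2,
            0 => "CN=Staff,DC=example,DC=com",
            1 => "CN=VPN Users,DC=example,DC=com",
        ],
        2 => "memberof",
        "count" => 3,
        "dn" => "CN=Jane Doe,OU=People,DC=example,DC=com",
    ],
];

foreach (flattenEntries($info) as $entry) {
    echo $entry["dn"], "\n";
    foreach ($entry["attrs"] as $name => $values) {
        echo "  ", $name, ": ", implode("; ", $values), "\n";
    }
}
```

When these values are rendered in a web page, pass each one through htmlspecialchars() first; attributes such as objectGUID and objectSid hold raw bytes and need their own decoding.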

I hope this gets you started.
