Nick Nick - 28 days ago 15
PHP Question

Anyway to check if a user account is locked via PHP/LDAP?

We've created an intranet site that requires the same password as the user's network login, so we use LDAP to check the username/password.

That's fine, but if they enter it incorrectly three times it locks their account out, and one or two users have found this confusing.

Is there anyway at all I could check, using LDAP/PHP whether or not their account is locked, so I can display a little message prompting them to contact IT?

Thanks

Answer Source

You need to connect to the LDAP using the LDAP functions in PHP and perform search/read to locate and get the information. You can read about it here: http://us3.php.net/manual/en/book.ldap.php

Find a sample code for reading entries:

if (!($ldap=ldap_connect($ldapip, $ldapport)))  
    {
        die("Error:Unable to connect to the LDAP Server");
        return;
    }
    if (!ldap_bind($ldap, $admindn, $adminpwd))
    {
        die("Error:Unable to bind to '$dn'!");
        return;
    }

    $sr=ldap_search($ldap, $userbasedn, $filter);
    $info = ldap_get_entries($ldap, $sr);

    if($info["count"] > 0)
    {
        $entry = ldap_first_entry($ldap, $sr);
        $return_array = ldap_get_attributes($ldap, $entry);
        if($return_array)
        {
            for ($i=0;$i<$return_array['count'];$i++)
            {
                      print($return_array[$i]);
                      print($return_array[$return_array[$i]][0]);
                    }
        }
    }

You might want to check for the fields lockoutTime in AD, nsaccountlock in LDAP and read them