Joel Joel - 7 months ago 24
PHP Question

php bind ldap to active directory

In PHP, how can you bind using a property other than the default cn? (I'm not asking how to validate a user account using LDAP search queries, I'm specifically asking how I can bind using a sAMAaccountname and password in PHP).

In Perl, this is possible by specifying the property to query directly on the LDAP string:

ldap://ldap.example.com/dc=example,dc=com?sAMAccountName


The php ldap_connect funciton only takes a server name so these additional parameters are not able to be passed. Also the bind function only takes a connection, username, and password.

Answer

Connect simply opens the connection it doesn't set any credentials on the connection. Once the connection is open you bind it to a set of credentials using ldap_bind.

In connecting to AD you can use 3 different formats for the username.

  1. The DN.
  2. The samAccountName which may or may not need the domain prefixed in it as Domain\samAccountName.
  3. The user principal name which has a format that looks similar to an email address.