@kitsaels
Last active May 22, 2019 13:30
Listing AD User accounts
<?php
// Wraps one entry from ldap_get_entries(). That function lower-cases attribute names and
// stores each attribute as ['count' => n, 0 => first value, ...], hence the [$attribute][0].
// Declared before use so the script does not rely on PHP hoisting the class.
class LdapEntry {
    private $entry;

    function __construct(array $entry) {
        $this->entry = $entry;
    }

    // First value of $attribute, or $default when the attribute is absent, empty,
    // or carries the literal string "NULL".
    function getAttribute($attribute, $default = "") {
        $attribute = \strtolower($attribute);
        if (empty($this->entry[$attribute][0])) {
            return $default;
        }
        $value = $this->entry[$attribute][0];
        if ($value === "NULL") {
            return $default;
        }
        return $value;
    }
}

// Directory values are attacker-influenceable as far as this page is concerned: by default
// AD users may write some of their own phone/personal-information attributes. Escape before HTML.
function h($value) {
    return \htmlspecialchars((string) $value, \ENT_QUOTES, 'UTF-8');
}

// LDAP bind parameters. Any normal (unprivileged) AD user account can read these attributes.
// Move real credentials out of the script (config outside the web root, environment) before deploying.
$username = 'my.user@firma-cz.local'; // userPrincipalName; AD also accepts DOMAIN\user or the full DN
$password = 'moje@heslo';
$baseDN   = 'DC=firma-cz,DC=local';

// Debug level 7 makes libldap trace to stderr (the web server's error log). Handy while a bind
// refuses to work; remove it afterwards, it is noisy and echoes directory data into the log.
\ldap_set_option(NULL, \LDAP_OPT_DEBUG_LEVEL, 7);

// ldap_connect() only validates the URI and prepares the handle; the TCP connection is opened
// by the first operation (the bind), so an unreachable server fails there, not here.
$connection = \ldap_connect("ldap://192.168.1.6");
if ($connection === FALSE) {
    throw new \Exception('Unable to connect to the ldap server');
}

// AD needs LDAPv3. ("... or throw new ..." only parses on PHP >= 8.0; a plain if works everywhere.)
if (!\ldap_set_option($connection, \LDAP_OPT_PROTOCOL_VERSION, 3)) {
    throw new \Exception('Unable to set LDAP protocol version');
}

// A subtree search from the domain root makes AD return referrals to its other naming contexts
// (Configuration, DomainDnsZones, ...). libldap would try to chase them without credentials and
// the search would fail, so referral chasing is turned off.
\ldap_set_option($connection, \LDAP_OPT_REFERRALS, 0);

// Simple bind: on ldap:// the password crosses the network in the clear. A DC that requires LDAP
// signing rejects such a bind with result code 8 (strongerAuthRequired); ldap_error() shows that.
if (@\ldap_bind($connection, $username, $password) === FALSE) {
    throw new \Exception('Unable to bind to the LDAP: ' . \ldap_error($connection));
}

$searchFilter = '(|(objectCategory=person)(objectCategory=contact))';
// Request only the attributes the table shows instead of every attribute of every object.
$attributes = ['samaccountname', 'usncreated', 'sn', 'givenname', 'company', 'department', 'title',
    'ipphone', 'facsimiletelephonenumber', 'mobile', 'telephonenumber', 'mail', 'homephone'];
$result = \ldap_search($connection, $baseDN, $searchFilter, $attributes);
if (FALSE === $result) {
    throw new \Exception('Unable to search the LDAP: ' . \ldap_error($connection));
}
$entries = \ldap_get_entries($connection, $result);

echo <<<EOT
<h2>AD User Results</h2><br>
<table border="1">
<tr bgcolor="#cccccc">
<td>Username</td>
<td>Last Name</td>
<td>First Name</td>
<td>Company</td>
<td>Department</td>
<td>Office Phone</td>
<td>Fax</td>
<td>Mobile</td>
<td>DDI</td>
<td>E-Mail Address</td>
<td>Home Phone</td>
</tr>
EOT;
for ($x = 0; $x < $entries['count']; $x++) {
    $entry = new LdapEntry($entries[$x]);
    // Contact objects have no sAMAccountName; label them with their uSNCreated instead.
    $usncreated = "CONTACT_" . $entry->getAttribute('usncreated');
    $LDAP_samaccountname  = h($entry->getAttribute('samaccountname', $usncreated));
    $LDAP_LastName        = h($entry->getAttribute('sn'));
    $LDAP_FirstName       = h($entry->getAttribute('givenname'));
    $LDAP_CompanyName     = h($entry->getAttribute('company'));
    $LDAP_Department      = h($entry->getAttribute('department'));
    $LDAP_JobTitle        = h($entry->getAttribute('title'));
    $LDAP_OfficePhone     = h($entry->getAttribute('ipphone'));
    $LDAP_OfficeFax       = h($entry->getAttribute('facsimiletelephonenumber'));
    $LDAP_CellPhone       = h($entry->getAttribute('mobile'));
    $LDAP_DDI             = h($entry->getAttribute('telephonenumber'));
    $LDAP_InternetAddress = h($entry->getAttribute('mail'));
    $LDAP_HomePhone       = h($entry->getAttribute('homephone'));
    echo <<<EOT
<tr>
<td><strong>$LDAP_samaccountname</strong></td>
<td>$LDAP_LastName</td>
<td>$LDAP_FirstName</td>
<td>$LDAP_CompanyName</td>
<td>$LDAP_Department</td>
<td>$LDAP_OfficePhone</td>
<td>$LDAP_OfficeFax</td>
<td>$LDAP_CellPhone</td>
<td>$LDAP_DDI</td>
<td>$LDAP_InternetAddress</td>
<td>$LDAP_HomePhone</td>
</tr>
EOT;
}
echo "</table>";
\ldap_unbind($connection);
ZAJDAN commented May 22, 2019

Is it right?
$baseDN = 'DC=firma-cz,DC=local,DC=local';
or
$baseDN = 'DC=firma-cz,DC=local';

maybe:
ldap_bind($connection, "uid=$username,cn=users,$baseDN", $password); //etc...

correct is:
$baseDN = 'DC=firma-cz,DC=local'; //but this is what I corrected already before

I installed the new role on the DC server: 'Active Directory Lightweight Domain Services'
But still at the same point :( It is Windows...maybe it needs a restart?

Also I have tried
ldap_bind($ldap_connection, "uid=$ldap_username, cn=Users, $ldap_base_dn",$ldap_password))

the problem during bind still remains.

ZAJDAN commented May 22, 2019

next attempt:
On the Windows server I launched tool LDP
made a connection - successful
and then bind:

-----------
0 = ldap_set_option(ld, LDAP_OPT_ENCRYPT, 1)
res = ldap_bind_s(ld, NULL, &NtAuthIdentity, NEGOTIATE (1158)); // v.3
	{NtAuthIdentity: User='jana.potvora'; Pwd=<unavailable>; domain = 'firma-cz.local'}
Error <81>: ldap_bind_s() failed: Server Down.
Server error: <empty>
-----------
0 = ldap_set_option(ld, LDAP_OPT_ENCRYPT, 1)
res = ldap_bind_s(ld, NULL, &NtAuthIdentity, NEGOTIATE (1158)); // v.3
	{NtAuthIdentity: User='www-data'; Pwd=<unavailable>; domain = 'firma-cz.local'}
Authenticated as: 'FIRMA-CZ\www-data'.
-----------

now when I try the user www-data from PHP...still same problem

kitsaels (Author) commented:

$LDAP_password = \ldap_escape($password);

ZAJDAN commented May 22, 2019

> $LDAP_password = \ldap_escape($password);

Ok...with the user www-data I am able to connect in the LDP tool, so I should be able to authenticate with this user from PHP, but without success.
The same problem, the bind is not successful.
Could the problem be that the server requires SSL\TLS and the machine from which PHP runs must have a certificate?

ZAJDAN commented May 22, 2019

Seems the problem is on the server.
On a Linux machine I installed ldap-utils and tried:

ldapsearch -x -H ldap://192.168.1.6 -D www-data@firma-cz.local -W cd=www-data
Enter LDAP Password: 
ldap_bind: Strong(er) authentication required (8)
        additional info: 00002028: LdapErr: DSID-0C090252, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v1db1

If I understand correctly, the server requires SSL, so I must also enable connections without SSL\TLS on the server
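The ldapsearch output above is the whole diagnosis: result code 8 (strongerAuthRequired) with AD comment 00002028 means the domain controller is configured to require LDAP signing, and `ldapsearch -x` (and PHP's `ldap_bind()`) perform a simple bind, which sends the password with no integrity layer. LDP succeeded because its NEGOTIATE bind is a Kerberos/NTLM SASL bind that provides signing. Turning the DC's requirement off would re-admit cleartext passwords from every client on the network; the client-side fix is to put the simple bind inside TLS. The following is an added example, not code from the gist or its author; it assumes a DC host name `dc1.firma-cz.local` that matches the DC certificate and a CA file `/etc/ssl/certs/firma-cz-ca.pem`, both hypothetical.

```php
<?php
// Added example (not from the gist): bind to a DC that requires LDAP signing by running the
// simple bind inside TLS, instead of lowering the DC's signing requirement.
// Assumed values, not taken from the page: the DC host name and the CA file path.

const DC_HOST    = 'dc1.firma-cz.local';             // assumption: must match the DC certificate's subject/SAN, so a DNS name, not the raw IP
const DC_CA_FILE = '/etc/ssl/certs/firma-cz-ca.pem'; // assumption: PEM chain of the CA that issued the DC certificate

/**
 * Open a TLS-protected connection and perform a simple bind.
 * $mode is 'ldaps' (TLS from the first byte, port 636) or 'starttls' (port 389, upgraded before the bind).
 * Returns the bound connection; throws RuntimeException carrying the DC's diagnostic text on failure.
 */
function ldapTlsBind(string $username, string $password, string $mode = 'ldaps')
{
    // TLS settings are global libldap options: set them with a NULL handle before any connection is opened.
    \ldap_set_option(NULL, \LDAP_OPT_X_TLS_CACERTFILE, DC_CA_FILE);
    \ldap_set_option(NULL, \LDAP_OPT_X_TLS_REQUIRE_CERT, \LDAP_OPT_X_TLS_DEMAND); // refuse a certificate that does not verify

    $uri = ($mode === 'ldaps') ? 'ldaps://' . DC_HOST . ':636' : 'ldap://' . DC_HOST . ':389';
    $connection = \ldap_connect($uri);
    if ($connection === FALSE) {
        throw new \RuntimeException("Malformed LDAP URI: $uri");
    }
    \ldap_set_option($connection, \LDAP_OPT_PROTOCOL_VERSION, 3);
    \ldap_set_option($connection, \LDAP_OPT_REFERRALS, 0);

    if ($mode === 'starttls' && !\ldap_start_tls($connection)) {
        // Typical causes: the DC has no server certificate at all, or it does not chain to DC_CA_FILE.
        throw new \RuntimeException('StartTLS failed: ' . \ldap_error($connection));
    }

    // The password is passed verbatim: ldap_escape() is for filter values and DNs, not for bind credentials.
    if (!@\ldap_bind($connection, $username, $password)) {
        throw new \RuntimeException(describeBindFailure($connection));
    }
    return $connection;
}

/** Turn a failed bind into a message that says what the DC actually objected to. */
function describeBindFailure($connection): string
{
    $errno = \ldap_errno($connection);
    $diag  = '';
    \ldap_get_option($connection, \LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);
    switch ($errno) {
        case 8:  // strongerAuthRequired: the simple bind arrived without TLS or signing (AD comment 00002028)
            return "DC requires signing or TLS and the bind was sent in the clear: $diag";
        case 49: // invalidCredentials: AD puts the real reason in the comment's data field
                 // (52e wrong password, 525 no such user, 533 disabled, 775 locked out, ...)
            return "DC rejected the credentials: $diag";
        default:
            return 'Bind failed (' . $errno . '): ' . \ldap_error($connection) . ' ' . $diag;
    }
}

// Usage: the listing code from the gist then runs unchanged on this connection.
$connection = ldapTlsBind('www-data@firma-cz.local', 'password-placeholder', 'ldaps'); // assumption: placeholder password
$result  = \ldap_search($connection, 'DC=firma-cz,DC=local', '(objectCategory=person)', ['samaccountname']);
$entries = \ldap_get_entries($connection, $result);
echo $entries['count'], " entries\n";
\ldap_unbind($connection);
```

Both modes need the DC to hold a server certificate (LDAPS on a DC is only offered once one is installed, for example from AD CS); if there is none, the remaining option that satisfies the signing requirement without weakening it is a SASL GSSAPI bind with a Kerberos ticket (`ldap_sasl_bind()` in PHP), which is what LDP's NEGOTIATE bind did. Keep `LDAP_OPT_X_TLS_REQUIRE_CERT` at `DEMAND`: a connection that accepts any certificate defends the password against a passive sniffer but not against a machine-in-the-middle on the path to the DC.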
