Last active
May 22, 2019 13:30
-
-
Save kitsaels/a6335152f938a0c547d5d4c8f56ddedf to your computer and use it in GitHub Desktop.
Listing AD User accounts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
//LDAP Bind paramters, need to be a normal AD User account. | |
$username = 'my.user@firma-cz.local'; | |
$password = 'moje@heslo'; | |
$baseDN = 'DC=firma-cz,DC=local'; | |
\ldap_set_option(NULL, \LDAP_OPT_DEBUG_LEVEL, 7); | |
$connection = \ldap_connect("192.168.1.6"); | |
if ($connection === FALSE) { | |
throw new \Exception('Unable to connect to the ldap server'); | |
} | |
\ldap_set_option($connection, \LDAP_OPT_PROTOCOL_VERSION, 3) or | |
throw new \Exception('Unable to set LDAP protocol version'); | |
\ldap_set_option($connection, \LDAP_OPT_REFERRALS, 0); // We need this for doing an LDAP search. | |
if (@\ldap_bind($connection, $username, $password) === FALSE) { | |
throw new \Exception('Unable to bind to the LDAP'); | |
} | |
$searchFilter = '(|(objectCategory=person)(objectCategory=contact))'; | |
$result = \ldap_search($connection, $baseDN, $searchFilter); | |
if (FALSE === $result){ | |
throw new \Exception('Unable to search the LDAP'); | |
} | |
$entries = \ldap_get_entries($connection, $result); | |
echo <<<EOT | |
<h2>AD User Results</h2></br> | |
<table border = "1"> | |
<tr bgcolor="#cccccc"> | |
<td>Username</td> | |
<td>Last Name</td> | |
<td>First Name</td> | |
<td>Company</td> | |
<td>Department</td> | |
<td>Office Phone</td> | |
<td>Fax</td> | |
<td>Mobile</td> | |
<td>DDI</td> | |
<td>E-Mail Address</td> | |
<td>Home Phone</td> | |
</tr> | |
EOT; | |
for ($x=0; $x<$entries['count']; $x++){ | |
$entry = new LdapEntry($entries[$x]); | |
$usncreated = "CONTACT_" . $entry->getAttribute('usncreated'); | |
$LDAP_samaccountname = $entry->getAttribute('samaccountname', $usncreated); | |
$LDAP_LastName = $entry->getAttribute('sn'); | |
$LDAP_FirstName = $entry->getAttribute('givenname'); | |
$LDAP_CompanyName = $entry->getAttribute('company'); | |
$LDAP_Department = $entry->getAttribute('department'); | |
$LDAP_JobTitle = $entry->getAttribute('title'); | |
$LDAP_OfficePhone = $entry->getAttribute('ipphone'); | |
$LDAP_OfficeFax = $entry->getAttribute('facsimiletelephonenumber'); | |
$LDAP_CellPhone = $entry->getAttribute('mobile'); | |
$LDAP_DDI = $entry->getAttribute('telephonenumber'); | |
$LDAP_InternetAddress = $entry->getAttribute('mail'); | |
$LDAP_HomePhone = $entry->getAttribute('homephone'); | |
echo <<<EOT | |
<tr> | |
<td><strong>$LDAP_samaccountname</strong></td> | |
<td>$LDAP_LastName</td> | |
<td>$LDAP_FirstName</td> | |
<td>$LDAP_CompanyName</td> | |
<td>$LDAP_Department</td> | |
<td>$LDAP_OfficePhone</td> | |
<td>$LDAP_OfficeFax</td> | |
<td>$LDAP_CellPhone</td> | |
<td>$LDAP_DDI</td> | |
<td>$LDAP_InternetAddress</td> | |
<td>$LDAP_HomePhone</td> | |
</tr> | |
EOT; | |
} | |
\ldap_unbind($connection); | |
echo("</table>"); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?php | |
class LdapEntry { | |
function __construct(array $entry) { | |
$this->entry = $entry; | |
} | |
function getAttribute($attribute, $default="") { | |
if (empty($this->entry['samaccountname'][0])) { | |
return $default; | |
} | |
$value = $this->entry['samaccountname'][0]; | |
if ($value == "NULL") { | |
return $default; | |
} | |
return $value; | |
} | |
} |
$LDAP_password = \ldap_escape($password);
Ok...with user www-data I am able connect in the LDP tool, so I should be able authenticate with this user from PHP, but without success.
The same problem, the bind is not successful.
Could be a problem the server requires SSL\TLS and on the machine from where runs PHP must be certificate?
Seems to be the problem is on the server.
On linux machine I installed ldap-utils and tried:
ldapsearch -x -H ldap://192.168.1.6 -D www-data@firma-cz.local -W cd=www-data
Enter LDAP Password:
ldap_bind: Strong(er) authentication required (8)
additional info: 00002028: LdapErr: DSID-0C090252, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v1db1
if I understand correctly, server requires SSL, so I must on the server enable also connection without SSL\TLS
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
$LDAP_password = \ldap_escape($password);