Although most of the settings and steps are common to most LDAP applications, there may be slight differences between organisations, so you might need to modify the examples a bit. For more information, visit the Mozilla and PHP.net sites.


Connection


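// Sample values only. In real code, load the bind credentials from
// configuration or a secret store rather than hard-coding them in source.
$username = 'inanzzz';
$password = '123123';
$server = '192.168.32.4';
$domain = '@yourdomain.local';
$port = 389;

// NOTE: port 389 is plain LDAP, so the simple bind below sends the password
// unencrypted. Prefer an ldaps:// URI, or call ldap_start_tls() on the
// connection before binding, when the directory supports it.
$connection = ldap_connect($server, $port);

if (!$connection) {
    exit('Connection failed');
}

// Help talking to AD: use protocol version 3 and do not follow referrals.
// These must be set on the handle returned by ldap_connect().
ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($connection, LDAP_OPT_REFERRALS, 0);

// A simple bind with an empty password is treated by many directory servers
// (Active Directory included, by default) as an unauthenticated bind that
// reports success. Reject it here so an empty password never "logs in".
if ($password === '') {
    exit('Binding failed');
}

// The @ keeps the bind warning out of the output; the result is checked below.
$bind = @ldap_bind($connection, $username.$domain, $password);

if (!$bind) {
    exit('Binding failed');
}

// This is where you can do your work

ldap_close($connection);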

Examples


You can run your own tests, but the examples below should help you understand LDAP and AD a bit.


List organisational units


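/**
 * Prints the name of every organisational unit found one level below the
 * domain root (ldap_list() performs a single-level search).
 *
 * @param resource|\LDAP\Connection $ldap_connection Bound LDAP connection.
 * @param string                    $organisation    Not used by this function;
 *                                                   kept so existing callers still work.
 *
 * @return void
 */
function list_organisational_units($ldap_connection, $organisation = 'inanzzz')
{
    $distinguished_name = "DC=yourdomain,DC=local";
    $filter = "ou=*";

    $search = ldap_list($ldap_connection, $distinguished_name, $filter);

    // ldap_list() returns false (and raises a warning) on failure; passing
    // that on to the ldap_* result functions would fail again.
    if ($search === false) {
        return;
    }

    $total_record = ldap_count_entries($ldap_connection, $search);
    $returned = ldap_get_entries($ldap_connection, $search);

    for ($i = 0; $i < $total_record; $i++) {
        // Directory values are printed as-is; escape them with
        // htmlspecialchars() if this output ends up in an HTML page.
        echo $returned[$i]['ou'][0];
    }
}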

List all users


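/**
 * Dumps every entry with a sAMAccountName under the given organisational unit.
 *
 * @param resource|\LDAP\Connection $ldap_connection Bound LDAP connection.
 * @param string                    $unit            Name of a single OU below the
 *                                                   domain root (a value, not a DN fragment).
 *
 * @return void
 */
function list_all_users($ldap_connection, $unit = 'accounts')
{
    // Escape the OU name for DN context so characters such as "," or "="
    // in $unit cannot change which subtree is searched.
    $safe_unit = ldap_escape($unit, '', LDAP_ESCAPE_DN);

    $distinguished_name = "OU=$safe_unit,DC=yourdomain,DC=local";
    $filter = "(sAMAccountName=*)";

    $search = ldap_search($ldap_connection, $distinguished_name, $filter);

    // ldap_search() returns false (and raises a warning) on failure.
    if ($search === false) {
        return;
    }

    $total_record = ldap_count_entries($ldap_connection, $search);
    $returned = ldap_get_entries($ldap_connection, $search);

    if ($total_record > 0) {
        // print_r() dumps every returned attribute; no attribute list is
        // passed to ldap_search() above, so this is for debugging only.
        print_r($returned);
    }
}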

Search a user


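/**
 * Dumps the entry for one person, addressed by common name inside an
 * organisational unit.
 *
 * @param resource|\LDAP\Connection $ldap_connection Bound LDAP connection.
 * @param string                    $unit            Name of a single OU below the domain root.
 * @param string                    $person          Common name (CN) of the person.
 *
 * @return void
 */
function search_user($ldap_connection, $unit = 'accounts', $person = 'name surname')
{
    // Both values are placed inside a DN, so escape them for DN context;
    // otherwise a "," or "=" in the input could redirect the search base.
    $safe_person = ldap_escape($person, '', LDAP_ESCAPE_DN);
    $safe_unit = ldap_escape($unit, '', LDAP_ESCAPE_DN);

    $distinguished_name = "CN=$safe_person,OU=$safe_unit,DC=yourdomain,DC=local";
    $filter = "(sAMAccountName=*)";

    $search = ldap_search($ldap_connection, $distinguished_name, $filter);

    // ldap_search() returns false (and raises a warning) on failure,
    // for example when no entry exists at the requested DN.
    if ($search === false) {
        return;
    }

    $total_record = ldap_count_entries($ldap_connection, $search);
    $returned = ldap_get_entries($ldap_connection, $search);

    if ($total_record > 0) {
        // Debug dump of every returned attribute.
        print_r($returned);
    }
}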

Search user to login


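/**
 * Dumps the entries whose mail address has $person as its local part
 * (the part before "@"), in any mail domain.
 *
 * @param resource|\LDAP\Connection $ldap_connection Bound LDAP connection.
 * @param string                    $person          Local part of the mail address.
 *
 * @return void
 */
function search_username_for_login($ldap_connection, $person = 'inanzzz.surname')
{
    $distinguished_name = "DC=yourdomain,DC=local";

    // $person is typically typed by the user. Escape it for filter context so
    // "*", "(", ")" and "\" are matched literally instead of rewriting the
    // filter (LDAP injection) or turning the lookup into a wildcard match.
    $safe_person = ldap_escape($person, '', LDAP_ESCAPE_FILTER);
    $filter = "(|(mail=$safe_person@*))";

    $search = ldap_search($ldap_connection, $distinguished_name, $filter);

    // ldap_search() returns false (and raises a warning) on failure.
    if ($search === false) {
        return;
    }

    $total_record = ldap_count_entries($ldap_connection, $search);
    $returned = ldap_get_entries($ldap_connection, $search);

    // NOTE(review): the domain part is a wildcard, so more than one entry can
    // match; a login flow should presumably insist on exactly one result.
    if ($total_record > 0) {
        print_r($returned);
    }
}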

Search similar users


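/**
 * Dumps the entries whose given name starts with $person.
 *
 * @param resource|\LDAP\Connection $ldap_connection Bound LDAP connection.
 * @param string                    $person          Prefix of the given name to look for.
 *
 * @return void
 */
function search_similar_users($ldap_connection, $person = 'inanzzz')
{
    $distinguished_name = "DC=yourdomain,DC=local";

    // Escape the prefix for filter context; the only wildcard in the filter
    // should be the trailing "*" added here, never one supplied in $person.
    $safe_person = ldap_escape($person, '', LDAP_ESCAPE_FILTER);
    $filter = "(|(givenname=$safe_person*))";

    $search = ldap_search($ldap_connection, $distinguished_name, $filter);

    // ldap_search() returns false (and raises a warning) on failure.
    if ($search === false) {
        return;
    }

    $total_record = ldap_count_entries($ldap_connection, $search);
    $returned = ldap_get_entries($ldap_connection, $search);

    if ($total_record > 0) {
        // Debug dump of every returned attribute.
        print_r($returned);
    }
}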

Get user's details


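/**
 * Prints the given name, surname and mail address of the first entry whose
 * mail attribute starts with $person.
 *
 * @param resource|\LDAP\Connection $ldap_connection Bound LDAP connection.
 * @param string                    $person          Prefix of the mail address to look for.
 *
 * @return void
 */
function search_username_for_registration($ldap_connection, $person = 'inanzzz.surname')
{
    $distinguished_name = "DC=yourdomain,DC=local";

    // Escape the value for filter context so user input cannot inject
    // filter syntax or wildcards of its own.
    $safe_person = ldap_escape($person, '', LDAP_ESCAPE_FILTER);
    $filter = "(|(mail=$safe_person*))";

    $search = ldap_search($ldap_connection, $distinguished_name, $filter);

    // ldap_search() returns false (and raises a warning) on failure.
    if ($search === false) {
        return;
    }

    $total_record = ldap_count_entries($ldap_connection, $search);
    $returned = ldap_get_entries($ldap_connection, $search);

    if ($total_record > 0) {
        // Only the first match is shown. An entry is not guaranteed to carry
        // all three attributes, so a missing one is printed as empty.
        $first = $returned[0];
        $name = isset($first['givenname'][0]) ? $first['givenname'][0] : '';
        $surname = isset($first['sn'][0]) ? $first['sn'][0] : '';
        $email = isset($first['mail'][0]) ? $first['mail'][0] : '';

        // Escape with htmlspecialchars() if this is rendered in an HTML page.
        echo 'Name : ' . $name;
        echo 'Surname : ' . $surname;
        echo 'Email : ' . $email;
    }
}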

List all active users


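/**
 * Prints name, mail and OU membership details for every entry that is not
 * located under a DN containing "Disabled".
 *
 * An entry is printed only when it has all of givenname, cn, sn,
 * mailnickname, mail and memberof, and its cn contains no digit.
 *
 * NOTE(review): "active" here is decided purely by the entry's DN; the
 * function does not look at the account's userAccountControl state.
 *
 * @param resource|\LDAP\Connection $ldap_connection Bound LDAP connection.
 *
 * @return void
 */
function list_all_active_users($ldap_connection)
{
    $distinguished_name = "DC=yourdomain,DC=local";
    $filter = "(cn=*)";

    $search = ldap_search($ldap_connection, $distinguished_name, $filter);

    // ldap_search() returns false (and raises a warning) on failure.
    if ($search === false) {
        return;
    }

    $total_record = ldap_count_entries($ldap_connection, $search);
    $returned = ldap_get_entries($ldap_connection, $search);

    $required = array('givenname', 'cn', 'sn', 'mailnickname', 'mail', 'memberof');

    for ($i = 0; $i < $total_record; $i++) {
        $entry = $returned[$i];

        // Skip anything stored under a "Disabled" container.
        if (false !== stripos($entry['dn'], 'Disabled')) {
            continue;
        }

        // Skip entries that lack any of the attributes printed below.
        foreach ($required as $attribute) {
            if (!isset($entry[$attribute])) {
                continue 2;
            }
        }

        // Skip entries whose common name contains a digit.
        if (preg_match('#[0-9]#', $entry['cn'][0])) {
            continue;
        }

        // Escape these values with htmlspecialchars() if rendered as HTML.
        echo 'FULLNAME (cn) : ' . $entry['cn'][0];
        echo 'FIRSTNAME (givenname) : ' . $entry['givenname'][0];
        echo 'SURNAME (sn) : ' . $entry['sn'][0];
        echo 'EMAIL NICKNAME (mailnickname) : ' . $entry['mailnickname'][0];
        echo 'EMAIL (mail) : ' . $entry['mail'][0];

        $units = array();

        foreach ($entry['memberof'] as $key => $value) {
            // ldap_get_entries() mixes a 'count' element in with the values.
            // The comparison must be strict: before PHP 8, 0 == 'count' is
            // true, so a loose check silently drops the first group.
            if ($key === 'count') {
                continue;
            }

            // Keep only the OU components of each group DN. Splitting on ","
            // is a simplification that ignores escaped commas inside a DN.
            foreach (explode(',', $value) as $member) {
                if (substr($member, 0, 2) === 'OU') {
                    // Drop the leading "OU=".
                    $units[] = substr($member, 3);
                }
            }
        }

        echo 'GROUPS (memberof - OU only) : ' . implode('|', $units);
    }
}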

List all inactive users


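/**
 * Prints a numbered, alphabetically sorted list of users that live under
 * "OU=Disabled Accounts" and have a yourdomain.co.uk mail address.
 *
 * NOTE(review): "disabled" is decided from the entry's distinguishedname
 * only; the function does not look at the account's userAccountControl state.
 *
 * @param resource|\LDAP\Connection $ldap_connection Bound LDAP connection.
 *
 * @return void
 */
function list_all_disabled_users($ldap_connection)
{
    $distinguished_name = "DC=yourdomain,DC=local";
    $filter = "(|(mail=*@*))";

    $search = ldap_search($ldap_connection, $distinguished_name, $filter);

    // ldap_search() returns false (and raises a warning) on failure.
    if ($search === false) {
        return;
    }

    $total_records = ldap_count_entries($ldap_connection, $search);
    $returned = ldap_get_entries($ldap_connection, $search);

    // Defined up front so the listing step below also works when the
    // search matched nothing.
    $list = array();

    // Iterate through records
    for ($i = 0; $i < $total_records; $i++) {
        $entry = $returned[$i];

        $name = isset($entry['givenname'][0]) ? $entry['givenname'][0] : '';
        $surname = isset($entry['sn'][0]) ? $entry['sn'][0] : '';
        $email = isset($entry['mail'][0]) ? $entry['mail'][0] : '';
        $location = isset($entry['distinguishedname'][0]) ? $entry['distinguishedname'][0] : '';

        $disabled = stripos($location, 'OU=Disabled Accounts') !== false;

        // Extract the mail domain; an address without "@" has none.
        $mail_parts = explode('@', $email);
        $mail_domain = isset($mail_parts[1]) ? $mail_parts[1] : '';

        // If the rule is satisfied
        if ($name !== '' && $surname !== '' && $email !== '' && $mail_domain === 'yourdomain.co.uk' && $disabled) {
            $list[] = ucfirst($name) . ' ' . ucfirst($surname) . ' - ' . $email;
        }
    }

    // Nothing to list
    if (count($list) === 0) {
        return;
    }

    // Sort in alphabetical order
    sort($list);

    $position = 1;

    foreach ($list as $user) {
        // Escape with htmlspecialchars() if this is rendered in an HTML page.
        echo $position . ' - ' . $user;
        $position++;
    }
}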