04/02/2014 - PHP
Although most of the settings and steps are common to most LDAP applications, there may be slight differences between organisations, so you might need to modify the examples a bit. For more information, visit the Mozilla and PHP.net sites.
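// Connects to the directory server and binds as "$username$domain".
// The values below are sample values; in real code load the account name and
// password from configuration or a secret store rather than from the source file.
$username = 'inanzzz';
$password = '123123';
$server = '192.168.32.4';
$domain = '@yourdomain.local';
$port = 389;

// Port 389 is plain LDAP: the simple bind below sends the password unencrypted
// unless the session is upgraded with ldap_start_tls() or the server is reached
// over ldaps:// (port 636).
// With OpenLDAP 2.x ldap_connect() only checks its arguments; the server is
// first contacted by ldap_bind(), so this check does not prove reachability.
$connection = ldap_connect($server, $port);
if (!$connection) {
    exit('Connection failed');
}

// Help talking to AD
// The original set these options on $ldap_connection, a variable that is never
// assigned, so they were not applied to the handle opened above.
ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($connection, LDAP_OPT_REFERRALS, 0);

// A simple bind with a name and an empty password is an unauthenticated bind,
// which a server may accept as success. Reject it before binding so an empty
// password can never count as a valid login.
if ($password === '') {
    exit('Binding failed');
}

$bind = @ldap_bind($connection, $username . $domain, $password);
if (!$bind) {
    // Keep the detail in the server log; the caller only sees a generic message.
    error_log('LDAP bind failed: ' . ldap_error($connection));
    exit('Binding failed');
}

// This is where you can do your work
// (pass $connection as the $ldap_connection argument of the functions below)

ldap_close($connection);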
You can do your own tests, but the examples below help you understand LDAP and AD a bit.
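/**
 * Prints the "ou" value of every entry that has an ou attribute directly
 * under DC=yourdomain,DC=local (ldap_list() is a one-level search).
 *
 * @param resource|\LDAP\Connection $ldap_connection Bound LDAP connection.
 * @param string $organisation Not used by the body; kept so existing calls keep working.
 * @return void
 */
function list_organisational_units($ldap_connection, $organisation = 'inanzzz')
{
    $distinguished_name = "DC=yourdomain,DC=local";
    $filter = "ou=*";

    // Only the ou attribute is printed, so only that attribute is requested.
    $search = ldap_list($ldap_connection, $distinguished_name, $filter, array('ou'));
    if ($search === false) {
        // The search itself failed (bad base DN, missing rights, lost connection);
        // the original passed false on to ldap_count_entries().
        return;
    }

    $total_record = ldap_count_entries($ldap_connection, $search);
    $returned = ldap_get_entries($ldap_connection, $search);

    for ($i = 0; $i < $total_record; $i++) {
        echo $returned[$i]['ou'][0];
    }
}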
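/**
 * Dumps every entry that has a sAMAccountName below the given organisational unit.
 *
 * @param resource|\LDAP\Connection $ldap_connection Bound LDAP connection.
 * @param string $unit Name of a single OU directly under the domain root.
 * @return void
 */
function list_all_users($ldap_connection, $unit = 'accounts')
{
    // $unit becomes part of the base DN. Escaping it (ldap_escape(), PHP 5.6+)
    // keeps a value containing "," or "=" from redirecting the search to a
    // different part of the tree.
    $safe_unit = ldap_escape($unit, '', LDAP_ESCAPE_DN);
    $distinguished_name = 'OU=' . $safe_unit . ',DC=yourdomain,DC=local';
    $filter = "(sAMAccountName=*)";

    $search = ldap_search($ldap_connection, $distinguished_name, $filter);
    if ($search === false) {
        // Search failed (for example the OU does not exist): nothing to show.
        return;
    }

    $total_record = ldap_count_entries($ldap_connection, $search);
    $returned = ldap_get_entries($ldap_connection, $search);

    if ($total_record > 0) {
        // print_r() prints every attribute the bind account is allowed to read;
        // fine for exploring a directory, too much for a page shown to end users.
        print_r($returned);
    }
}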
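/**
 * Dumps the entry CN=$person,OU=$unit,DC=yourdomain,DC=local (and anything
 * below it) when it carries a sAMAccountName.
 *
 * @param resource|\LDAP\Connection $ldap_connection Bound LDAP connection.
 * @param string $unit Name of a single OU directly under the domain root.
 * @param string $person Common name (CN) of the entry to look up.
 * @return void
 */
function search_user($ldap_connection, $unit = 'accounts', $person = 'name surname')
{
    // Both values end up inside the base DN, so both are escaped as DN
    // components (ldap_escape(), PHP 5.6+). Without this a "," or "=" in
    // either value would change which entry is searched.
    $safe_person = ldap_escape($person, '', LDAP_ESCAPE_DN);
    $safe_unit = ldap_escape($unit, '', LDAP_ESCAPE_DN);
    $distinguished_name = 'CN=' . $safe_person . ',OU=' . $safe_unit . ',DC=yourdomain,DC=local';
    $filter = "(sAMAccountName=*)";

    $search = ldap_search($ldap_connection, $distinguished_name, $filter);
    if ($search === false) {
        // Search failed, typically because no such entry exists.
        return;
    }

    $total_record = ldap_count_entries($ldap_connection, $search);
    $returned = ldap_get_entries($ldap_connection, $search);

    if ($total_record > 0) {
        // Prints every readable attribute of the entry.
        print_r($returned);
    }
}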
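/**
 * Dumps the entries whose mail attribute starts with "$person@".
 *
 * Finding an entry here is a lookup only. A login flow still has to verify
 * the password, for example by binding as the entry that was found.
 *
 * @param resource|\LDAP\Connection $ldap_connection Bound LDAP connection.
 * @param string $person Local part of the mail address (the text before "@").
 * @return void
 */
function search_username_for_login($ldap_connection, $person = 'inanzzz.surname')
{
    $distinguished_name = "DC=yourdomain,DC=local";

    // $person is placed inside the filter. Escaping it (ldap_escape(), PHP 5.6+)
    // makes "*", "(", ")" and "\" match literally, so a submitted value cannot
    // widen the search or add its own filter clauses.
    $safe_person = ldap_escape($person, '', LDAP_ESCAPE_FILTER);
    $filter = '(|(mail=' . $safe_person . '@*))';

    $search = ldap_search($ldap_connection, $distinguished_name, $filter);
    if ($search === false) {
        // Search failed: treat it like "no match".
        return;
    }

    $total_record = ldap_count_entries($ldap_connection, $search);
    $returned = ldap_get_entries($ldap_connection, $search);

    if ($total_record > 0) {
        // Prints every readable attribute of the matching entries.
        print_r($returned);
    }
}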
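/**
 * Dumps the entries whose givenname starts with $person.
 *
 * @param resource|\LDAP\Connection $ldap_connection Bound LDAP connection.
 * @param string $person Beginning of the first name to match.
 * @return void
 */
function search_similar_users($ldap_connection, $person = 'inanzzz')
{
    $distinguished_name = "DC=yourdomain,DC=local";

    // The trailing "*" is the only wildcard this search is meant to have, so
    // filter metacharacters inside $person are escaped (ldap_escape(), PHP 5.6+).
    $safe_person = ldap_escape($person, '', LDAP_ESCAPE_FILTER);
    $filter = '(|(givenname=' . $safe_person . '*))';

    $search = ldap_search($ldap_connection, $distinguished_name, $filter);
    if ($search === false) {
        // Search failed: treat it like "no match".
        return;
    }

    $total_record = ldap_count_entries($ldap_connection, $search);
    $returned = ldap_get_entries($ldap_connection, $search);

    if ($total_record > 0) {
        // Prints every readable attribute of the matching entries.
        print_r($returned);
    }
}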
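/**
 * Prints first name, surname and mail address of the first entry whose mail
 * attribute starts with $person.
 *
 * @param resource|\LDAP\Connection $ldap_connection Bound LDAP connection.
 * @param string $person Beginning of the mail address to match.
 * @return void
 */
function search_username_for_registration($ldap_connection, $person = 'inanzzz.surname')
{
    $distinguished_name = "DC=yourdomain,DC=local";

    // Escape filter metacharacters in $person (ldap_escape(), PHP 5.6+) so the
    // only wildcard in the filter is the trailing "*" written here.
    $safe_person = ldap_escape($person, '', LDAP_ESCAPE_FILTER);
    $filter = '(|(mail=' . $safe_person . '*))';

    // Only the three attributes that are printed are requested.
    $wanted = array('givenname', 'sn', 'mail');
    $search = ldap_search($ldap_connection, $distinguished_name, $filter, $wanted);
    if ($search === false) {
        // Search failed: treat it like "no match".
        return;
    }

    $total_record = ldap_count_entries($ldap_connection, $search);
    $returned = ldap_get_entries($ldap_connection, $search);

    if ($total_record > 0) {
        $entry = $returned[0];
        // An entry can match on mail and still lack givenname or sn; print an
        // empty value then instead of reading an undefined index.
        $name = isset($entry['givenname'][0]) ? $entry['givenname'][0] : '';
        $surname = isset($entry['sn'][0]) ? $entry['sn'][0] : '';
        $email = isset($entry['mail'][0]) ? $entry['mail'][0] : '';

        echo 'Name : ' . $name;
        echo 'Surname : ' . $surname;
        echo 'Email : ' . $email;
    }
}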
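/**
 * Prints name, mail and OU details for every entry under the domain root that
 * passes all of these checks: the DN does not contain "Disabled", the entry
 * has givenname, cn, sn, mailnickname, mail and memberof, and its cn contains
 * no digit.
 *
 * "Active" is decided from the DN text only. NOTE(review): that depends on
 * disabled accounts being moved into a container whose name contains
 * "Disabled". Active Directory records the state itself in userAccountControl
 * (bit 2), which the filter
 * (!(userAccountControl:1.2.840.113556.1.4.803:=2)) tests directly.
 *
 * @param resource|\LDAP\Connection $ldap_connection Bound LDAP connection.
 * @return void
 */
function list_all_active_users($ldap_connection)
{
    $distinguished_name = "DC=yourdomain,DC=local";
    $filter = "(cn=*)";

    // Only the attributes used below are requested; the DN is always returned.
    $wanted = array('cn', 'givenname', 'sn', 'mailnickname', 'mail', 'memberof');
    $search = ldap_search($ldap_connection, $distinguished_name, $filter, $wanted);
    if ($search === false) {
        // Search failed: nothing to list.
        return;
    }

    $total_record = ldap_count_entries($ldap_connection, $search);
    $returned = ldap_get_entries($ldap_connection, $search);

    for ($i = 0; $i < $total_record; $i++) {
        $entry = $returned[$i];

        // Skip entries whose DN mentions "Disabled".
        if (stripos($entry['dn'], 'Disabled') !== false) {
            continue;
        }

        // Skip entries that lack any of the attributes printed below.
        if (!isset(
            $entry['givenname'],
            $entry['cn'],
            $entry['sn'],
            $entry['mailnickname'],
            $entry['mail'],
            $entry['memberof']
        )) {
            continue;
        }

        // Skip entries with a digit in the common name.
        if (preg_match('#[0-9]#', $entry['cn'][0])) {
            continue;
        }

        echo 'FULLNAME (cn) : ' . $entry['cn'][0];
        echo 'FIRSTNAME (givenname) : ' . $entry['givenname'][0];
        echo 'SURNAME (sn) : ' . $entry['sn'][0];
        echo 'EMAIL NICKNAME (mailnickname) : ' . $entry['mailnickname'][0];
        echo 'EMAIL (mail) : ' . $entry['mail'][0];

        $units = array();
        foreach ($entry['memberof'] as $key => $value) {
            // Strict comparison: before PHP 8, 0 != 'count' is false, so the
            // original loose check also skipped the first group (key 0).
            if ($key === 'count') {
                continue;
            }

            // Plain split on ","; a comma escaped inside a DN component is not
            // handled. The original iterated by reference without unset().
            foreach (explode(',', $value) as $member) {
                if (substr($member, 0, 2) === 'OU') {
                    // Drop the three-character "OU=" prefix.
                    $units[] = substr($member, 3);
                }
            }
        }

        // Same "a|b|c" text as before, built without calling substr() on null.
        $memberof = implode('|', $units);
        echo 'GROUPS (memberof - OU only) : ' . $memberof;
    }
}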
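/**
 * Prints a numbered, alphabetically sorted list of users whose DN contains
 * "OU=Disabled Accounts" and whose mail address is in yourdomain.co.uk.
 *
 * NOTE(review): "disabled" is taken from the OU name in the DN, which depends
 * on how the organisation files its accounts. Active Directory records the
 * state itself in userAccountControl (bit 2), which the filter
 * (userAccountControl:1.2.840.113556.1.4.803:=2) tests directly.
 *
 * @param resource|\LDAP\Connection $ldap_connection Bound LDAP connection.
 * @return void
 */
function list_all_disabled_users($ldap_connection)
{
    $distinguished_name = "DC=yourdomain,DC=local";
    $filter = "(|(mail=*@*))";

    // Only the attributes read below are requested.
    $wanted = array('givenname', 'sn', 'mail', 'distinguishedname');
    $search = ldap_search($ldap_connection, $distinguished_name, $filter, $wanted);
    if ($search === false) {
        // Search failed: nothing to list.
        return;
    }

    $total_records = ldap_count_entries($ldap_connection, $search);
    $returned = ldap_get_entries($ldap_connection, $search);

    // Defined before the loop: the original created $list only when records
    // were found and then called count() on an undefined variable otherwise.
    $list = array();

    //Iterate through records
    for ($i = 0; $i < $total_records; $i++) {
        $entry = $returned[$i];

        $name = isset($entry['givenname'][0]) ? $entry['givenname'][0] : null;
        $surname = isset($entry['sn'][0]) ? $entry['sn'][0] : null;
        $email = isset($entry['mail'][0]) ? $entry['mail'][0] : null;

        // Entries without a distinguishedname value count as not disabled.
        $dn = isset($entry['distinguishedname'][0]) ? $entry['distinguishedname'][0] : '';
        $disabled = (stripos($dn, 'OU=Disabled Accounts') !== false) ? 'YES' : 'NO';

        //Extract mail address
        $mail_parts = explode('@', (string) $email);
        // The part after the first "@"; empty when the address has no "@".
        $mail_domain = isset($mail_parts[1]) ? $mail_parts[1] : '';

        //If the rule is satisfied
        if ($name != '' && $surname != '' && $email != '' && $mail_domain == 'yourdomain.co.uk' && $disabled == 'YES') {
            //Set array
            $list[] = ucfirst($name) . ' ' . ucfirst($surname) . ' - ' . $email;
        }
    }

    //If there are disabled users then list them
    if (count($list) > 0) {
        //Sort array in alphabetical order
        asort($list);

        $i = 1;
        foreach ($list as $user) {
            echo $i . ' - ' . $user;
            $i++;
        }
    }
}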