Search code examples
phpldap

PHP - Create login page with LDAP authentication

I'm trying to create a login page using LDAP authentication.

i created the following code:

<?php
$query = 'CN=AD Username, OU=Users,OU=No Policy Light,OU=IT,DC=Domain,DC=Corp';
$server = 'Domain.Corp';
$dn = 'dc=Domain, dc=com';
$conn = ldap_connect($server);
ldap_search($conn, $dn, $query);

echo "ldap error: " . ldap_error($conn);
ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $err);
echo "ldap_get_option: $err";
?>

when i check my webpage i get the following error:

"ldap error: Operations error ldap_get_option:"

i found this connection under php ldap manual:

https://www.php.net/manual/en/function.ldap-error.php

does anyone know what can be the issue with my code? or if you have a better solution for ldap authentication with php.

Thanks in advance.

Update:

so according to 'EricLavault' comment i had to set bind first:

<?php
// using ldap bind
$ldaprdn  = 'AD Username';     // ldap rdn or dn
$ldappass = 'Password';  // associated password

// connect to ldap server
$ldapconn = ldap_connect("LDAP Server")
or die("Could not connect to LDAP server.");

if ($ldapconn) 
{
    // binding to ldap server
    $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);

    // verify binding
    if ($ldapbind) 
    {
        echo "LDAP bind successful...";
    }
    else
    {
        echo "LDAP bind failed...";
    }
}
    $ldaprdn = $_POST["username"];
    $ldappass = $_POST["password"];
    if(ldap_bind($ldapconn, $ldaprdn, $ldappass))
    {
        echo "bin successful!";
    }
    else
    {
        echo "invalid user/pass or other error";
    }
?>

my form looks like this:

<html>
    <head>
        <style>
        body
        { 
            text-align:center;
        }
        form
        {
            margin: 0 auto; width: 500px;
        }
        input
        {
            padding: 10px; font-zie:20;
        }
        </style>
    </head>
    <body>
        <h1> authentication with AD </h1>
        <form action="Auth.php" method="post">
            <input type="text" name="username" /><br>
            <input type="text" name="password" /><br>
            <input type="submit" value="Login" />
    </body>
</html>
Solution

  • So after making some research and some trials & errors i came up with this solution which seems to be working perfectly to my needs.

    my form:

    <html>
    <head>
        <style>
            body
            {
                text-align:center;
            }
            form
            {
                margin: 0 auto; width: 500px;
            }
            input
            {
                padding: 10px; font-zie:20;
            }
    </head>
        </style>
    <body>
    <h1> authentication with AD </h1>
    <form action="Auth.php" method="post">
        <input type="text" name="username" /><br>
        <input type="password" name="password" /><br>
        <input type="submit" value="Login" />
    </body>
</html>

    my Auth page:

    <?php
    $ldaprdn  = $_POST["username"];
    $ldappass = $_POST["password"];
    $ldapconn = ldap_connect("ldap server name") or die("Could not connect to LDAP server.");

if ($ldapconn) 
{
    $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
    if ($ldapbind) 
    {
        echo "LDAP bind successful...";
    }
    else 
    {
        echo "LDAP bind failed...";
    }
}
$Result = ldap_search($ldapconn, "OU=IT,DC="Domain",DC=corp", "(samaccountname=$ldaprdn)", array("dn"));
$data = ldap_get_entries($ldapconn, $Result);
print_r($data);
?>

    Additionally, per this answer, you may need to set the following options immediately after ldap_connect :

    ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);

    hope this solution can help those who needs the same.