
PHP - LDAP authentication against Windows 2003 Active Directory (User ID different from First Name and Last Name)


Need your help with authenticating an active directory user ID against LDAP. My problem is unique. Let me explain here. Before posting this question, I've googled it and also searched in this forum and did not get any matching posts.

Here is the issue: I have a Windows 2003 domain controller. My company policy is to create the user IDs in the domain as below:

First Name = John
Last Name = Wagner
User ID = [email protected] (domain controller is company.com)

When I update the user properties in Active Directory Users and Computers, I have to update the full first and full last name - John Wagner

When I try to authenticate an HTML web form in PHP using the User ID, it doesn't work. However, when I authenticate with the first name and last name, it works.

// Username is given as jwagner in the HTML form in this case. Authentication fails.
// Username is given as "john wagner" (without the quotes). Authentication succeeds.

// Start the session before $_SESSION is written (skipped if already started).
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

if (isset($_POST['username']) && isset($_POST['password']))
{
    $username = $_POST['username'];
    $password = $_POST['password'];

    $adServer = "10.23.1.1";
    $ldapconn = ldap_connect($adServer)
        or die("Could not connect to LDAP server.");

    // The form value is passed to the bind unchanged.
    $ldaprdn = $username;
    $ldapbind = ldap_bind($ldapconn, $ldaprdn, $password);

    if ($ldapbind)
    {
        // Only the username is kept; the plaintext password is not needed after the bind.
        $_SESSION['username'] = $username;
        header("Location: http://company.com/website1");
        exit; // stop the script so nothing runs after the redirect
    }
    else
    {
        // If authentication fails, redirect back to the login page
        header("Location: http://company.com/index.php");
        exit;
    }
}

I'm not sure where I am going wrong. Is it not possible to authenticate an Active Directory account using PHP if the user ID is not equal to the first name and last name of the Active Directory account?

Thanks for all your advice and help in advance.

Regards, Vinay


Solution

  • If you enter your user like this:

    have you simply tested:

    $ldap_domain = 'company.com';
    $ldapbind = ldap_bind($ldapconn, "$ldaprdn@$ldap_domain", $password);
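
The bind suggested above, as an added example that is not part of the original answer: it appends the domain to the bare logon name to form a userPrincipalName, refuses an empty password before binding, and keeps only the username in the session. The function names, the allow-list pattern and the `ldaps://dc1.company.com` host are assumptions; `company.com` and the redirect URLs are taken from the question.

```php
<?php
// Added example, not the poster's code. Assumed names: ad_upn(), ad_authenticate(),
// and the host dc1.company.com (placeholder for the domain controller).

// Turn a bare logon name such as "jwagner" into a userPrincipalName.
function ad_upn(string $username, string $domain): ?string
{
    // Conservative allow-list (an assumption, not AD's full naming rules): it keeps
    // the user from supplying "@other.domain", "DOMAIN\user" or a full DN.
    if (!preg_match('/^[A-Za-z0-9._-]{1,64}$/', $username)) {
        return null;
    }
    return $username . '@' . $domain;
}

function ad_authenticate(string $uri, string $domain, string $username, string $password): bool
{
    $upn = ad_upn($username, $domain);
    // A bind with a name and an empty password is an unauthenticated bind;
    // the server can accept it and ldap_bind() then returns true.
    if ($upn === null || $password === '') {
        return false;
    }
    $conn = ldap_connect($uri);       // ldaps:// so the simple bind is not sent in clear
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3); // use LDAPv3
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);        // do not chase referrals
    $ok = @ldap_bind($conn, $upn, $password);             // false on bad credentials
    ldap_unbind($conn);
    return $ok;
}

session_start();
$user = $_POST['username'] ?? '';
$pass = $_POST['password'] ?? '';
if (is_string($user) && is_string($pass)
    && ad_authenticate('ldaps://dc1.company.com', 'company.com', $user, $pass)) {
    session_regenerate_id(true);      // new session ID after login
    $_SESSION['username'] = $user;    // the password is never stored
    header('Location: http://company.com/website1');
    exit;
}
header('Location: http://company.com/index.php');
exit;
```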