Active Directory Lookup via PHP

Question

How can you do an Active Directory lookup via PHP? Without needing to recompile PHP. PHP version is 5.3

I want to find a persons display name from their user name. Web s

Answer 1

OK - first of all, you need the ext/ldap to communicate with your Active Directory server via the LDAP interface. Obviously this requirement is met with your PHP installation (otherwise you'd get errors about undefined functions).

The question now is: what Windows server are you coding against? From Windows Server 2003 onwards anonymous binds are disabled by default, which means that you cannot search the Active Directory tree without authenticating with an existing and authorized user first. (To enable anonymous binds please see here - but as you don't have any admin rights, you won't be able to change this)

The second problem is your base DN which actually is the location within your LDAP tree from which on a search operation will be executed. The normale base DN for the users' container should be CN=Users,DC=yourdomain,DC=yourtopleveldomain, which is for example CN=Users,DC=example,DC=local.

The filter you're using is correct actually: (SAMAccountName=username) will find the account entry for user username. To use your username variable you can do:

$filter = sprintf('(SAMAccountName=%s)', $user);

The general code flow, though, seems to be correct, too.

To summarize: you'll have to check first if your Active Directory allows anonymous binds and then you'll have to adjust your search's base DN. If no anonymous binds are allowed you'll have to use a user that is authorized to bind to the Active Directory.