Good morning @all,
I am working on a solution in PHP for importing user information from a Microsoft Active Directory (AD) using LDAP.
Has anyone done this before and kindly may share her/his experience with me?
What connection parameters do I need for readonly access? Do we have to configure an account for reading user lists? Is there any configuration parameter required in AD for remote accecss by a PHP script? Do we need any additional library / module when using XAMPP or WAMP in Windows OS?
Thanks in advance,
keep coding and stay safe!
Jan
PS: I know there are ldap_* functions in PHP. I am not looking for google search results but for developers who already did this successfully. My question is not about integrating LDAP with AppGini membership system. It is just about reading information like name, email, phone etc.
Import user information from Microsoft Active Directory (AD) using LDAP
Import user information from Microsoft Active Directory (AD) using LDAP
Kind regards,
<js />
My AppGini Blog:
https://appgini.bizzworxx.de/blog
You can help us helping you:
Please always put code fragments inside
AppGini 24.10 Revision 1579 + all AppGini Helper tools
<js />
My AppGini Blog:
https://appgini.bizzworxx.de/blog
You can help us helping you:
Please always put code fragments inside
[code]...[/code]
blocks for better readabilityAppGini 24.10 Revision 1579 + all AppGini Helper tools
Re: Import user information from Microsoft Active Directory (AD) using LDAP
Hi Jan,
it depends a little on the ldap settings, but you can try
Now you should have all Person data in the entries array.
You need a user that has access to the Active Directory. Also the PHP LDAP library need to be loaded.
Hope that helps
it depends a little on the ldap settings, but you can try
Code: Select all
$ldap_base_dn = 'YOURBASEDN';
$ldap_username='YOURUSERNAME';
$ldap_password='YOURPASSWORD';
ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, 3); // Recommended for AD
ldap_set_option($link, LDAP_OPT_REFERRALS, 0); // We need this for doing an LDAP search.
// Now try to authenticate with credentials provided by user
if (ldap_bind($link, $ldap_username, $ldap_password)) {
// 'User LDAP Authentication was successful !
$filter="(&(objectclass=user)(objectCategory=Person))"; // or
$filter="(&(objectclass=user)(objectCategory=Person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))";
$search_result = ldap_search($link, $ldap_base_dn, $filter);
$entries = ldap_get_entries($link, $search_result);
$unbind = ldap_unbind($link);
}
else{
// 'Invalid credentials! Handle error appropriately
}
You need a user that has access to the Active Directory. Also the PHP LDAP library need to be loaded.
Hope that helps
Any help offered comes with the best of intentions. Use it at your own risk. In any case, please make a backup of your existing environment before applying any changes.
Re: Import user information from Microsoft Active Directory (AD) using LDAP
Thanks @pböttcher for the moment!
As you have mentioned correctly, enabling ldap php library in my XAMPP and in customer's WAMP was required. Connection works fine. Binding requires valid credentials. I have asked customer for credentials and gonna test and report back as soon as I got them.
As you have mentioned correctly, enabling ldap php library in my XAMPP and in customer's WAMP was required. Connection works fine. Binding requires valid credentials. I have asked customer for credentials and gonna test and report back as soon as I got them.
Kind regards,
<js />
My AppGini Blog:
https://appgini.bizzworxx.de/blog
You can help us helping you:
Please always put code fragments inside
AppGini 24.10 Revision 1579 + all AppGini Helper tools
<js />
My AppGini Blog:
https://appgini.bizzworxx.de/blog
You can help us helping you:
Please always put code fragments inside
[code]...[/code]
blocks for better readabilityAppGini 24.10 Revision 1579 + all AppGini Helper tools
Re: Import user information from Microsoft Active Directory (AD) using LDAP
I know this is an old thread, but for anyone stumbling upon it when searching, I'm glad to announce that we've just added LDAP support to AppGini 24.10, https://bigprof.com/appgini/help/ldap-authentication
All you need to do is configure LDAP settings from the admin area > Utilities menu > Admin settings > LDAP
You don't need to define your LDAP users first in your AppGini app. Instead, you can configure LDAP settings to automatically add new users to a specified group. May be you could give this group minimal or no permissions, review the users in there, and move them to other groups to activate them.
All you need to do is configure LDAP settings from the admin area > Utilities menu > Admin settings > LDAP
You don't need to define your LDAP users first in your AppGini app. Instead, you can configure LDAP settings to automatically add new users to a specified group. May be you could give this group minimal or no permissions, review the users in there, and move them to other groups to activate them.
AppGini plugins to add more power to your apps:
- DataTalk is an innovative AppGini plugin based on ChatGPT that allows you to interact with your AppGini database using natural language questions, without writing any SQL. Check the demo video
- Mass Update plugin: Update multiple records at once and improve your workflow efficiency.
- Check our other plugins and get a generous discount of up to 30% when buying 2 or more plugins.