Import user information from Microsoft Active Directory (AD) using LDAP

The recommended method of customizing your AppGini-generated application is through hooks. But sometimes you might need to add functionality not accessible through hooks. You can discuss this here.
Post Reply
User avatar
jsetzer
AppGini Super Hero
AppGini Super Hero
Posts: 1807
Joined: 2018-07-06 06:03
Location: Kiel, Germany
Contact:

Import user information from Microsoft Active Directory (AD) using LDAP

Post by jsetzer » 2021-03-11 07:36

Good morning @all,

I am working on a solution in PHP for importing user information from a Microsoft Active Directory (AD) using LDAP.

Has anyone done this before and kindly may share her/his experience with me?

What connection parameters do I need for readonly access? Do we have to configure an account for reading user lists? Is there any configuration parameter required in AD for remote accecss by a PHP script? Do we need any additional library / module when using XAMPP or WAMP in Windows OS?

Thanks in advance,
keep coding and stay safe!

Jan

PS: I know there are ldap_* functions in PHP. I am not looking for google search results but for developers who already did this successfully. My question is not about integrating LDAP with AppGini membership system. It is just about reading information like name, email, phone etc.
Kind regards,
<js />

My AppGini Blog:
https://appgini.bizzworxx.de/blog

You can help us helping you:
Please always put code fragments inside [code]...[/code] blocks for better readability

AppGini 24.10 Revision 1579 + all AppGini Helper tools

pbottcher
AppGini Super Hero
AppGini Super Hero
Posts: 1635
Joined: 2018-04-01 10:12

Re: Import user information from Microsoft Active Directory (AD) using LDAP

Post by pbottcher » 2021-03-11 20:16

Hi Jan,

it depends a little on the ldap settings, but you can try

Code: Select all

$ldap_base_dn = 'YOURBASEDN';
$ldap_username='YOURUSERNAME';
$ldap_password='YOURPASSWORD';
ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, 3); // Recommended for AD
ldap_set_option($link, LDAP_OPT_REFERRALS, 0); // We need this for doing an LDAP search.				
// Now try to authenticate with credentials provided by user
if (ldap_bind($link, $ldap_username, $ldap_password)) {
//  'User LDAP Authentication was successful !
		 $filter="(&(objectclass=user)(objectCategory=Person))";   // or 
		 $filter="(&(objectclass=user)(objectCategory=Person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))";
		$search_result = ldap_search($link, $ldap_base_dn, $filter);
		 $entries = ldap_get_entries($link, $search_result);
		$unbind = ldap_unbind($link);
}
else{
//  'Invalid credentials! Handle error appropriately
}
Now you should have all Person data in the entries array.

You need a user that has access to the Active Directory. Also the PHP LDAP library need to be loaded.

Hope that helps
Any help offered comes with the best of intentions. Use it at your own risk. In any case, please make a backup of your existing environment before applying any changes.

User avatar
jsetzer
AppGini Super Hero
AppGini Super Hero
Posts: 1807
Joined: 2018-07-06 06:03
Location: Kiel, Germany
Contact:

Re: Import user information from Microsoft Active Directory (AD) using LDAP

Post by jsetzer » 2021-03-11 21:52

Thanks @pböttcher for the moment!

As you have mentioned correctly, enabling ldap php library in my XAMPP and in customer's WAMP was required. Connection works fine. Binding requires valid credentials. I have asked customer for credentials and gonna test and report back as soon as I got them.
Kind regards,
<js />

My AppGini Blog:
https://appgini.bizzworxx.de/blog

You can help us helping you:
Please always put code fragments inside [code]...[/code] blocks for better readability

AppGini 24.10 Revision 1579 + all AppGini Helper tools

User avatar
a.gneady
Site Admin
Posts: 1281
Joined: 2012-09-27 14:46
Contact:

Re: Import user information from Microsoft Active Directory (AD) using LDAP

Post by a.gneady » 2024-01-23 17:39

I know this is an old thread, but for anyone stumbling upon it when searching, I'm glad to announce that we've just added LDAP support to AppGini 24.10, https://bigprof.com/appgini/help/ldap-authentication

All you need to do is configure LDAP settings from the admin area > Utilities menu > Admin settings > LDAP

You don't need to define your LDAP users first in your AppGini app. Instead, you can configure LDAP settings to automatically add new users to a specified group. May be you could give this group minimal or no permissions, review the users in there, and move them to other groups to activate them.
:idea: AppGini plugins to add more power to your apps:
  • DataTalk is an innovative AppGini plugin based on ChatGPT that allows you to interact with your AppGini database using natural language questions, without writing any SQL. Check the demo video
  • Mass Update plugin: Update multiple records at once and improve your workflow efficiency.
  • Check our other plugins and get a generous discount of up to 30% when buying 2 or more plugins.

Post Reply