{"id":51,"date":"2009-04-01T20:10:29","date_gmt":"2009-04-01T20:10:29","guid":{"rendered":"http:\/\/smarinier\/comment-effectuer-une-identification-d-un-utilisateur-active-directory-en-php-via-ldap\/"},"modified":"2015-04-23T16:03:47","modified_gmt":"2015-04-23T15:03:47","slug":"comment-effectuer-une-identification-d-un-utilisateur-active-directory-en-php-via-ldap","status":"publish","type":"post","link":"https:\/\/www.smarinier.net\/comment-effectuer-une-identification-d-un-utilisateur-active-directory-en-php-via-ldap\/","title":{"rendered":"How to authenticate an Active Directory user in PHP via LDAP"},"content":{"rendered":"<p>If you have landed here, you have probably, like me, searched the Internet for how to perform LDAP authentication against an Active Directory database in PHP. It is hard, because these search terms return a lot of noise!<\/p>\n<p>Here is what I ended up writing. The key principle is to search for the user's DN, then perform a second \"ldap_bind\" with that DN. 
If this does not work in your case, let me know in the comments!<\/p>\n<p>The short piece of code:<\/p>\n<div style=\"background-color: #ddddff\">\n<pre><font size=\"1\" > \/\/ modify these values\r\n define(\"LDAP_HOSTNAME\",\"192.168.0.10\"); \/\/ LDAP server\r\n define(\"LDAP_DN\", \"DC=xx,DC=yy,DC=zz\"); \/\/ LDAP DN\r\n define(\"LDAP_CN\", \"admin\"); \/\/ LDAP admin name\r\n define(\"LDAP_CN_PASS\", \"password\"); \/\/ LDAP admin password\r\n function LDAP_identify( $login, $password) {\r\n   $ldaprdn  = 'CN='.LDAP_CN.\",CN=Users,\".LDAP_DN; \/\/ LDAP DN or RDN\r\n   $ldappass = LDAP_CN_PASS; \/\/ admin password\r\n   \/\/ note: a simple bind over plain ldap:\/\/ sends passwords in clear text; use ldaps:\/\/ or ldap_start_tls() where the server supports it\r\n   $ld = ldap_connect( LDAP_HOSTNAME);\r\n   if (!$ld)  {\r\n \techo \"Can't connect on LDAP server\";\r\n \treturn false;\r\n   }\r\n   ldap_set_option($ld, LDAP_OPT_PROTOCOL_VERSION, 3);\r\n   ldap_set_option($ld, LDAP_OPT_REFERRALS, 0);\r\n   \/\/ first bind: the admin account, used only to look up the user's DN\r\n   if (!ldap_bind( $ld, $ldaprdn, $ldappass)) {\r\n \techo \"Can't identify on LDAP server\";\r\n \tldap_close( $ld);\r\n \treturn false;\r\n   }\r\n   \/\/ escape the login before building the filter (ldap_escape needs PHP 5.6+), otherwise characters such as * ( ) change the search\r\n   $filter = \"(sAMAccountName=\" . ldap_escape($login, \"\", LDAP_ESCAPE_FILTER) . \")\";\r\n   $r=ldap_search($ld, LDAP_DN, $filter);\r\n   if (!$r) {\r\n \tldap_close( $ld);\r\n \treturn false;\r\n   }\r\n   $info = ldap_get_entries( $ld, $r);\r\n   if ($info)  {\r\n \t\/* \t** If you want to get some info\r\n \t$id = $fullName = $mail = '';\r\n \tif (isset($info[0]['sn'])) $id =$info[0]['sn'][0];\r\n \tif (isset($info[0]['cn'])) $fullName =$info[0]['cn'][0];\r\n \tif (isset($info[0]['mail'])) $mail =$info[0]['mail'][0];\r\n \t*\/\r\n \t$DN = '';\r\n \tif (isset($info[0]['dn'])) $DN =$info[0]['dn'];\r\n \t\/\/ a bind with an empty password is an unauthenticated bind, which Active Directory accepts: reject it explicitly\r\n \t$password = trim($password);\r\n \t\/\/ second bind: the user's own DN and password\r\n \tif (empty($password) || empty($DN) || !ldap_bind( $ld, $DN, $password)) {\r\n \t\techo \"Erreur d'identification\";\r\n \t\tldap_close( $ld);\r\n \t\treturn false;\r\n \t}\r\n \t\/\/ here, you're identified\r\n \tldap_close($ld);\r\n \treturn true;\r\n   }\r\n   ldap_close( $ld);\r\n   return false;\r\n }\r\n 
<\/font><\/pre>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>If you have landed here, you have probably, like me, searched the Internet for how to perform LDAP authentication against an Active Directory database in PHP. It is hard, because these search terms return a lot of noise! Here is what I ended up writing. The key principle is to [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[],"class_list":["post-51","post","type-post","status-publish","format-standard","hentry","category-php"],"_links":{"self":[{"href":"https:\/\/www.smarinier.net\/%77%70%2d%6a%73%6f%6e\/wp\/v2\/posts\/51","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.smarinier.net\/%77%70%2d%6a%73%6f%6e\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.smarinier.net\/%77%70%2d%6a%73%6f%6e\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.smarinier.net\/%77%70%2d%6a%73%6f%6e\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.smarinier.net\/%77%70%2d%6a%73%6f%6e\/wp\/v2\/comments?post=51"}],"version-history":[{"count":2,"href":"https:\/\/www.smarinier.net\/%77%70%2d%6a%73%6f%6e\/wp\/v2\/posts\/51\/revisions"}],"predecessor-version":[{"id":396,"href":"https:\/\/www.smarinier.net\/%77%70%2d%6a%73%6f%6e\/wp\/v2\/posts\/51\/revisions\/396"}],"wp:attachment":[{"href":"https:\/\/www.smarinier.net\/%77%70%2d%6a%73%6f%6e\/wp\/v2\/media?parent=51"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.smarinier.net\/%77%70%2d%6a%73%6f%6e\/wp\/v2\/categories?post=51"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.smarinier.net\/%77%70%2d%6a%73%6f%6e\/wp\/v2\/tags?post=51"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}