BestHub
Sign in
Backend Development 5 min read

Using PHP LDAP Functions for Connecting and Authenticating Users

This article explains how to use PHP's LDAP functions to connect to an LDAP server, bind with credentials, and authenticate users, providing step‑by‑step code examples for each stage.

php中文网 Courses
php中文网 Courses
php中文网 Courses
Using PHP LDAP Functions for Connecting and Authenticating Users

LDAP (Lightweight Directory Access Protocol) is a protocol for accessing and maintaining distributed directory information, commonly used for user authentication and authorization in web applications. PHP offers a set of functions to work with LDAP, and this guide demonstrates how to use them.

1. Connect to LDAP Server

To establish a connection, use the ldap_connect function. The following example shows how to connect to an LDAP server at ldap.example.com on the default port 389.

<?php
$ldapserver = 'ldap.example.com';
$ldapport = 389; // default port

$ldapconn = ldap_connect($ldapserver, $ldapport)
    or die("Unable to connect to LDAP server: $ldapserver");
?>

The ldap_connect call returns a connection resource on success or false on failure; the or die statement handles connection errors.

2. Bind to LDAP Server

After connecting, bind a user to the server with ldap_bind . The example binds the administrator account cn=admin,dc=example,dc=com using ldap_set_option to set the protocol version to 3.

<?php
$ldaprdn = 'cn=admin,dc=example,dc=com';
$ldappass = 'adminpassword';

ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3); // set LDAP protocol version to 3

$ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);

if ($ldapbind) {
    echo "LDAP bind successful!";
} else {
    echo "LDAP bind failed!";
}
?>

The ldap_bind function attempts to authenticate the provided credentials; success or failure is reported accordingly.

3. User Authentication

Once bound, you can verify a user's username and password using ldap_search and ldap_get_entries . The example searches for a user entry, retrieves the distinguished name (DN), and then attempts to bind with the supplied password.

<?php
$username = 'user1';
$password = 'password1';

$searchFilter = "(uid=$username)";
$searchResult = ldap_search($ldapconn, 'ou=users,dc=example,dc=com', $searchFilter);
$entry = ldap_get_entries($ldapconn, $searchResult);

if ($entry['count'] == 1) {
    $ldaprdn = $entry[0]['dn'];
    $ldapbind = ldap_bind($ldapconn, $ldaprdn, $password);

    if ($ldapbind) {
        echo "User authentication successful!";
    } else {
        echo "Invalid username or password!";
    }
} else {
    echo "User does not exist!";
}
?>

The script first searches for the user's DN, then binds with the provided password; appropriate messages are displayed based on the outcome.

By following these steps and using the provided PHP code snippets, developers can easily connect to an LDAP server and perform secure user authentication within their web applications.

BackendAuthenticationPHPWeb SecurityLDAP
php中文网 Courses
Written by

php中文网 Courses

php中文网's platform for the latest courses and technical articles, helping PHP learners advance quickly.

0 followers
Reader feedback

How this landed with the community

login Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment