BestHub
Sign in
Backend Development 4 min read

Using PHP to Connect to an LDAP Server and Perform User Authentication

This tutorial explains how to use PHP's LDAP functions to connect to an LDAP server, bind with credentials, and authenticate users by searching the directory and verifying passwords, providing complete code examples for each step.

php Courses
php Courses
php Courses
Using PHP to Connect to an LDAP Server and Perform User Authentication

LDAP (Lightweight Directory Access Protocol) is commonly used in web applications for user authentication and authorization. PHP offers a set of functions to interact with LDAP servers, and this guide demonstrates how to use them.

1. Connect to the LDAP Server

Use the ldap_connect function to establish a connection. The following example shows how to connect to an LDAP server at ldap.example.com on the default port 389.

<?php
$ldapserver = 'ldap.example.com';
$ldapport   = 389; // default port

$ldapconn = ldap_connect($ldapserver, $ldapport)
    or die("Unable to connect to LDAP server: $ldapserver");
?>

If the connection succeeds, ldap_connect returns a resource; otherwise it returns false, which can be handled with or die.

2. Bind to the LDAP Server

After connecting, bind a user to the server using ldap_bind. The example binds the administrator account and sets the LDAP protocol version to 3.

<?php
$ldaprdn = 'cn=admin,dc=example,dc=com';
$ldappass = 'adminpassword';

ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3); // set protocol version

$ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);

if ($ldapbind) {
    echo "LDAP bind successful!";
} else {
    echo "LDAP bind failed!";
}
?>

3. User Authentication

Once bound, authenticate a user by searching for their DN with ldap_search and retrieving entries with ldap_get_entries. The code below checks the username and password, handling cases where the user does not exist or the credentials are incorrect.

<?php
$username = 'user1';
$password = 'password1';

$searchFilter = "(uid=$username)";
$searchResult = ldap_search($ldapconn, 'ou=users,dc=example,dc=com', $searchFilter);
$entry = ldap_get_entries($ldapconn, $searchResult);

if ($entry['count'] == 1) {
    $ldaprdn = $entry[0]['dn'];
    $ldapbind = ldap_bind($ldapconn, $ldaprdn, $password);

    if ($ldapbind) {
        echo "User authentication successful!";
    } else {
        echo "Invalid username or password!";
    }
} else {
    echo "User does not exist!";
}
?>

This process first searches for the user's distinguished name (DN), retrieves it, and then attempts a bind with the supplied password to verify the credentials.

By following these steps and using the provided PHP code snippets, you can integrate LDAP authentication into your web applications, enabling secure user management and access control.

Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

BackendAuthenticationTutorialLDAPdirectory
php Courses
Written by

php Courses

php中文网's platform for the latest courses and technical articles, helping PHP learners advance quickly.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment