We Keep Coding

How to add user in group using LDAP php?

I tried much time to create a user in the group but could not have been. While I am able to create a user but not in a group. My Group name is RDP and Netmetric is the folder where I am creating a user.
if($ldapbind = ldap_bind($ldap_conn, $username, $password) == true)
{ // if ldap bind
$adduserAD["cn"] = $name;// Common name
$adduserAD["givenname"] = $name;
$adduserAD["sn"] = 'Kumar'; // Surname
$adduserAD["sAMAccountName"] = $name; // SamaAccountname declare here
$adduserAD['userPrincipalName'] = $name;
$adduserAD["objectClass"] = "User"; // Object class user
$adduserAD["displayname"] = "Test User";
$adduserAD['mail'] = $email;
$adduserAD["userPassword"] = $pwd; // set password here
$adduserAD["userAccountControl"] = "66080";
$base_dn = "cn=".$name.",ou=Netmetric,DC=ntop,DC=local";// base dn
// Attempt to add the user with ldap_add()
if(ldap_add($ldap_conn, $base_dn, $adduserAD) == true){
echo "User is created";
}
ldap_close($ldap_conn);
}else{
echo "Not connected with server";
}

Since you have a openldap tag on question, I'm assuming you are trying to add users in OpenLDAP database.
If that is the case you should get an error because sAMAccountName,userPrincipalName,userAccountControl attributes are not present in OpenLDAP schema.

How can I verify a user and password in AD without PHP ldap_bind?

I have a php file that connects and binds to AD with a service account no problem on that.
I have an HTML form asking for user name and password.
I need a way to verify the user's credentials against AD
when the user enters their user name and password in the form.
I cannot use the ldap_bind function, because our users don't have the permission to do that.
Suppose PHP has an auth class, but I cannot figure out how to get it to work. Can anyone help me with that? If auth class doesn't work, what other codes can I use to verify credentials and add it to my PHP page?
The following is my php page:
<?php
// Connect to AD========================================================
include('studentFormAuth.html');
$ldapusername = 'service_account_name';
$ldappassword = "service_account_password";
$server = 'xx.xx.xx.xx';
$domain = '#abc.com';
$port = 389;
$connection = ldap_connect($server, $port);
if (!$connection) {
exit('Connection failed');
}
// Settings for AD======================================================
ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($connection, LDAP_OPT_REFERRALS, 0);
$bind = #ldap_bind($connection, $ldapusername.$domain, $ldappassword);
if (!$bind) {
exit('Binding failed');
}
// Verify user credentials auth function=============================================
$auth = new Auth($connection, $_POST['usern'].$domain, $_POST['password']);
// begin validation
$auth->start();
if ($auth->getAuth()) {
// content for validated users
echo 'user name is: ' $_POST['usern'].$domain;
} else {
echo 'Cannot verify user';
}
// log users out
$auth->logout();

How to get authorized user in ldap using php?

I want to use my system login password to php login page. So that i used the LDAP concept in my project. I have mentioned below my coding, that is everything fine. But When i run this code, the result shows "Invalid user". I don't know why this was showing wrongly.
$ldaphost = 'abc.co.in';
$ldapport = '389';
$username = '4444';
$password = '4444pass';
$ldap = ldap_connect($ldaphost, $ldapport)
or die("Could not connect to $ldaphost");
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
$user = "uid=$username,dc=abc,dc=co,dc=in";
$bind = #ldap_bind($ldap, $user, $password);
if ($bind) {
echo "<br />Valid user";
} else {
$msg = "<br />Invalid user";
echo $msg;
}
Below the result:
What is fault in my code or i need to anything add?
Please find and solve this request. That will more helpful to me.
Thank you advance...

This is how my ldap thing works. change your ldap host to be either "ldap://abd.asd.co:389' or "ldaps://asd.basd.co:636".
function verify_user() {
$user = $_REQUEST['user'];
$passwd = $_REQUEST['pass'];
// Bind to LDAP to check is user is valid
$server = "ldaps://ldap.server.com:636";
$dn = "uid=$user, ou=People, ou=something, dc=other, dc=whatever";
// Create a fake password if needed to keep people from anonymously
// binding to LDAP
if($passwd == '') { $passwd = "p"; }
$ldap = ldap_connect($server) or die("Can't connect to LDAP server!");
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_start_tls($ldap);
if($ldap) {
$bnd = #ldap_bind($ldap, $dn, stripslashes($passwd));
if(!$bnd) {
sleep(5);
echo "<br>Error: Bad Username or Password!<br>";
exit;
}
}
header("Location: {$_REQUEST['url']}"); /* Redirect browser */
exit;
}

Set password when creating a new Active Directory user account in PHP

This PHP script creates enabled user accounts in Active Directory without a password. How do I set the password?
<?php
$examplePassword = "34mlrfm$sxkf";
$WinTimestamp = "131196672000000000" //30-09-16 00:00:00
//Create unicode password
function encodePassword($password) {
$password="\"".$password."\"";
$encoded="";
for ($i=0; $i <strlen($password); $i++){ $encoded.="{$password{$i}}\000";}
return $encoded;
}
//Build Active Directory record
$ldaprecord["accountExpires"] = $winTimestamp;
$ldaprecord["UserAccountControl"] = "544"; //544 - Account enabled, require password change
$ldaprecord['userPassword'] = encodePassword($examplePassword);
$ldaprecoed['otherAttributes'] = "Truncated from question";
$ds = ldap_connect($AD_server); // Connect to Active Directory
if ($ds) {
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
$r = ldap_bind($ds, $AD_Auth_User, $AD_Auth_PWD); //Bind
$r = ldap_add($ds,$dn,$ldaprecord); //Create account
ldap_close($ds); //Close connection
}
?>
I've tried different password encoding methoods.
I've also tried inserting the password into $ldaprecord["unicodepwd"]. Which results in "Server is unwilling to perform" error.

I've got it working. You can only set passwords over an SSL connection, thanks #stuartbrand
Either encrypt traffic on 389 using ldap_start_tls() or connect on 636 using $ds = ldap_connect('ldaps://'.$AD_server);
Password should be inserted into the $ldaprecord["unicodepwd"] attribute.

Single Sign On with Active Directory Using LDAP

I am trying to get user information from LDAP function. I need a single sign in for my PHP application on Active Directory. I am using following function:
$ldapserver = 'abc.com';
$ldapuser = 'ali#abc.com';
$ldappass = 'xyz';
$attributes_ad = array
("displayName","description","cn","givenName","sn","mail","co","mobile","company","
displayName");
// define base
$base ="";
// connect
$ldapconn = ldap_connect($ldapserver) or die("Could not connect to LDAP server.");
if($ldapconn) {
// binding to ldap server
$ldapbind = ldap_bind($ldapconn, $ldapuser, $ldappass) or die ("Error trying to
bind: ".ldap_error($ldapconn));
// verify binding
if ($ldapbind) {
echo "LDAP bind successful...<br /><br />";
$result = ldap_search($ldapconn, $base, "mail=$email*", $attributes_ad) or die ("Error in search
query");
$info = ldap_get_entries($ldapconn, $result);
//Now, to display the results we want:
for ($i=0; $i<$info["count"]; $i++)
{
// to show the attribute displayName (note the case!)
echo $info[$i]["displayname"][0];
}
}
}
Above code requires username and password both but I need a solution that can get the username and password whenever someone will login with AD credentials I need to use them to authenticate my login for my PHP application (actually it is an intranet application). Please help me with that I need to fetch all available user info from active directory.