many examples show the crux of LDAP as binding/authenticating some person's username and password. mine works only with admin name and password. essence of the commands is here:

$ldapLink = ldap_connect($ldap_server) or die("Can't establish LDAP connection");
$ldap_bind = ldap_bind($ldapLink, $ldapUser, $ldapPswd) or die("Can't bind to the server");

that User and Pswd works only as admin. however, once in, to search for a person, i can find someone using their email address, as follows, but cannot search for their "uid" which is supposed to be userid. when i add uid=aeinstein, it returns with a count = 0.

$results = ldap_search($ldapLink, "OU=Raleigh,DC=cshlaw,DC=com", "mail=username@domain.com");

that finds 1 individual. so the REAL question is can someone please show me code that [1] ok, accesses the ldap server as admin, that is fine, but ALSO [2] really authenticates a username, password of a regular person/non-admin?? so many examples show username, password in the field where MY admin username, password are; is our system somehow missing something, since maybe all users should be able to connect to the ldap server?

deadline this week, and after 10 weeks of coding, really need to get ldap to work. thx muy mucho for any help!!!

    3 months later

    I use this to auth with AD

    <?php
    // $_SESSION is written below, so make sure a session exists
    if (session_status() === PHP_SESSION_NONE) {
      session_start();
    }

    function ldap_connection($username, $password) {
      // AD Server
      $adServer = "server_IP";
      // AD LDAP Connect
      $ldapconn = ldap_connect($adServer) or die("<strong>Could not connect to LDAP server.</strong>");
      // Set LDAP Protocol (options go on the handle returned by ldap_connect)
      ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3) or die("<strong>Could not set ldap protocol</strong>");
      // Set this option for AD on Windows Server 2003 per PHP manual
      ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0) or die("<strong>Could not set option referrals</strong>");
      // Accounts & Password fetch
      $account = htmlspecialchars($username, ENT_QUOTES);
      // Check for blank fields (a bind with an empty password is treated as anonymous)
      if ($account == "" || $password == "") {
        echo "<center><span class='loggingintext '><strong><img src='images/iconError.gif'> Login Failed! Please <a href='index.php'>click here</a> and try again.</strong></span></center>";
        ldap_unbind($ldapconn);
        return;
      }
      // Add email ext. to username for login
      $ldaprdn = $account."@company.corp";
      $ldappass = $password;
      // Bind LDAP Connection; a failed bind returns false and is handled in the else branch below
      $ldapbind = @ldap_bind($ldapconn, $ldaprdn, $ldappass);
      // Login Check
      if ($ldapbind) {
        // Tell ajax to log us in
        echo "<center><span class='loggingintext'><img src='images/icon_checkmark.gif'> Authenticated to Active Directory!</span></center>";
        // Setup Sessions: new session id after login, and only the account name is stored.
        // The plaintext password is not kept in the session.
        session_regenerate_id(true);
        $_SESSION['account'] = $account;
        echo '<META http-equiv="refresh" content="0; URL=dashboard.php">';
      } else {
        // Login Failed, tell ajax dont log in
        echo "<center><span class='loggingintext '><strong><img src='images/iconError.gif'> Login Failed! Please <a href='index.php'>click here</a> and try again.</strong></span></center>";
      }
      // Close Connection to AD
      ldap_unbind($ldapconn);
    }

    // The submit button in the form below is named "login" and has the value "Login"
    if (isset($_POST["login"]) && $_POST["login"] == "Login") {
      if ($_POST["username"] <> "" && $_POST["password"] <> "") {
        echo "<center><span class='loggingintext'>Please wait, logging in...</span></center>";
        ldap_connection($_POST["username"], $_POST["password"]);
        return;
      }
    }
    ?>

    <form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" method="post" name="loginform">
      <div id="login-username">
        <label for="username">Username:</label>
        <input name="username" size="20" maxlength="150" value="" id="username" type="text">
      </div>
      <div id="login-password">
        <label for="password">Password:</label>
        <input name="password" size="20" maxlength="150" value="" id="password" type="password">
      </div>
      <div class="form-buttons">
        <input name="login" class="form-button-submit" value="Login" type="submit">
      </div>
    </form>
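
The search-then-bind flow the question asks for, as an added example that is not from either poster: bind with the admin (service) account only to find the person's DN, then bind a second time as that DN with the password they typed. The host, service-account DN, environment variable name and the `sAMAccountName` login attribute are assumptions (on Active Directory the logon name is normally held there and `uid` is usually unset); the base DN is the one from the question.

```php
<?php
// Added example: search-then-bind. Everything in $cfg except base_dn is an assumed placeholder.
$cfg = [
    'uri'        => 'ldaps://dc.example.test',                // placeholder host; TLS protects both binds
    'bind_dn'    => 'CN=svc-web,OU=Raleigh,DC=cshlaw,DC=com', // hypothetical service account
    'bind_pw'    => getenv('LDAP_BIND_PW'),                   // hypothetical variable, kept out of the source
    'base_dn'    => 'OU=Raleigh,DC=cshlaw,DC=com',            // base DN from the question
    'login_attr' => 'sAMAccountName',                         // assumption: Active Directory
];

// Returns the user's DN when the password is correct, null otherwise.
function ldap_authenticate(string $user, string $pass, array $cfg): ?string
{
    // A simple bind with an empty password is treated as anonymous and can succeed.
    if ($user === '' || $pass === '') {
        return null;
    }
    $conn = ldap_connect($cfg['uri']);
    if ($conn === false) {
        return null;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    try {
        // 1. Bind as the admin/service account, only to look the person up.
        if (!@ldap_bind($conn, $cfg['bind_dn'], $cfg['bind_pw'])) {
            return null;
        }
        // Escape the typed name so characters like * ( ) cannot change the filter.
        $filter = sprintf('(%s=%s)', $cfg['login_attr'],
            ldap_escape($user, '', LDAP_ESCAPE_FILTER));
        $res = @ldap_search($conn, $cfg['base_dn'], $filter, ['cn'], 0, 2);
        if ($res === false) {
            return null;
        }
        $entries = ldap_get_entries($conn, $res);
        if ($entries === false || $entries['count'] !== 1) {
            return null; // no match, or more than one: refuse rather than guess
        }
        // 2. Re-bind as the DN that was found, with the password the person typed.
        $userDn = $entries[0]['dn'];
        return @ldap_bind($conn, $userDn, $pass) ? $userDn : null;
    } finally {
        ldap_unbind($conn);
    }
}

$dn = ldap_authenticate($_POST['username'] ?? '', $_POST['password'] ?? '', $cfg);
echo $dn === null ? 'Login failed' : 'Authenticated';
```

The service account only needs read access to the login attribute under the search base, so it does not have to be a directory administrator.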
    