Google Answers Logo
View Question
 
Q: Active Directtory-LDAP programming ( Answered,   0 Comments )
Question  
Subject: Active Directtory-LDAP programming
Category: Computers > Programming
Asked by: amikeal-ga
List Price: $2.00
Posted: 24 Jul 2002 16:51 PDT
Expires: 23 Aug 2002 16:51 PDT
Question ID: 44790
How do I add/edit account entries in an Active Directory domain using
the standard LDAP protocol (specifically, I'll be using PHP's LDAP
functions)?
Answer  
Subject: Re: Active Directtory-LDAP programming
Answered By: joseleon-ga on 25 Jul 2002 01:53 PDT
 
Hello, amikeal:

You can manage an Active Directory using PHP LDAP functions in the
same way you do with a normal LDAP server, below is an specific sample
on how to connect with an Active Directory server.

Active Directory Service Interfaces -The Easy Way to Access and Manage
LDAP-Based Directories
http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/prodtechnol/winntas/maintain/featusability/adsildap.asp

LDAP functions
http://www.php.net/manual/en/ref.ldap.php

Following is a sample to connect to Active Directory using LDAP
Functions:
//************************************************************************
rusko.marton@gibzone.hu
10-Jul-2002 05:06

You can authenticate to a Windows 2000 domain's ldap server easily by
using
the simplified netbios form of the username.

Somebody written:
When authenticating to a Win2k LDAP server, the name of the person
must be
the FULL NAME in the dn 

NO. You can use this form:

$user = "DOMAINNAME\\username"
$password = "Password_of_user"; 

if (!$connect = ldap_connect("<server>", <port>)) { 
  //error
  exit;
} 
if (!$res = @ldap_bind($ldap, $user, $password)) { 
  //error
  exit;
} 

It works fine with Active Directory, we use it.
//************************************************************************


Another sample showing you how to add an account:
//************************************************************************
<?php
$ds=ldap_connect("localhost");  // assuming the LDAP server is on this
host

if ($ds) {
    // bind with appropriate dn to give update access
    $r=ldap_bind($ds,"cn=root, o=My Company, c=US", "secret");

    // prepare data
    $info["cn"]="John Jones";
    $info["sn"]="Jones";
    $info["mail"]="jonj@here.and.now";
    $info["objectclass"]="person";

    // add data to directory
    $r=ldap_add($ds, "cn=John Jones, o=My Company, c=US", $info);

    ldap_close($ds);
} else {
    echo "Unable to connect to LDAP server"; 
}
?>
//************************************************************************

I hope this answer solves your problem, if you want more research,
don't hesitate to request a clarification.

Best Regards.

active directory php LDAP
://www.google.com/search?q=active+directory+php+LDAP&ie=UTF-8&oe=UTF-8&hl=en&lr=

LDAP php examples
://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=LDAP+php+examples&lr=

Request for Answer Clarification by amikeal-ga on 25 Jul 2002 08:17 PDT
Well, this is good information, but not sufficient. I already knew how
to *connect* to ADS via PHP LDAP functions; my problem is in
*adding/editing user accounts* - i.e., what are the field (attribute)
names that I need to add or replace to affect the username, full name,
home directory, password, and group membership - those fields
necessary to edit basic account properties.

For example, if I write an online form that allows a user to reset
their password, what fields would I need to adjust in ADS to make this
change? Microsoft doen't seem to have published this information
anywhere, as far as I can tell.

Clarification of Answer by joseleon-ga on 26 Jul 2002 00:34 PDT
Hello:
 This is a more specific question, thanks. I supose you are
testing/porting PHP code which works with an LDAP server and you have
problems with ADS, isn't it?, Have you tested your code with an LDAP
server? Could you please, post the code you have problems with? Active
Directory meets the LDAP standard so there must not be problems with
what you say, please, post your code and I will check it out.

Regards.
Comments  
There are no comments at this time.

Important Disclaimer: Answers and comments provided on Google Answers are general information, and are not intended to substitute for informed professional medical, psychiatric, psychological, tax, legal, investment, accounting, or other professional advice. Google does not endorse, and expressly disclaims liability for any product, manufacturer, distributor, service or service provider mentioned or any opinion expressed in answers or comments. Please read carefully the Google Answers Terms of Service.

If you feel that you have found inappropriate content, please let us know by emailing us at answers-support@google.com with the question ID listed above. Thank you.
Search Google Answers for
Google Answers  


Google Home - Answers FAQ - Terms of Service - Privacy Policy