Connecting to Active Directory using PHP

I really struggled to get PHP to be able to use LDAPS to talk to my domain controller. I wanted the ability to create users and set passwords and security groups so that I could administer users from my web interface.

It took a lot of googling, but I finally got it working, and it turns out in the end it is quite straightforward.

SETTING UP THE MACHINE

I started with a new virtual machine with SSH and LAMP installed. I was using a 12.4LTS version of Ubuntu as it was a download I had handy.

Once set up, the first thing to do is to turn on errors in PHP. This just makes it possible to debug what is happening.

To do this, edit the php.ini file:

sudo vim /etc/php5/apache2/php.ini

Around line 500, change the setting to turn errors on:

display_errors = On

Remember to restart Apache for it to take effect:

sudo service apache2 restart

PHP

You need to ensure that the LDAP module for PHP is installed. To install it, run:

sudo apt-get install php5-ldap

Then remember to restart the service:

sudo service apache2 restart

ADD THE ROOT CERTIFICATE

You need to install a certificate on your server. This is the root certificate. To do this, copy the root .crt file to

/usr/local/share/ca-certificates

Once you have created the file, you have to update the certificates. Run:

sudo update-ca-certificates

This will place the certificate in the correct place:

/etc/ssl/certs/

CONFIGURE LDAPS

The other thing I did was to change the LDAPS config

vim /etc/ldap/ldap.conf

and add

TLS_REQCERT never

to the bottom of the file. With this value the LDAP client library does not request or check the server's certificate.

You should now be able to connect to LDAPS with PHP and create users in Active Directory.
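
Because `TLS_REQCERT never` turns certificate checking off, the root certificate installed earlier goes unused. The shell functions below are an added example, not part of the original post: they report the effective TLS_REQCERT level of an ldap.conf file and test whether the domain controller's certificate chain validates against /etc/ssl/certs. The function names, the host argument and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).

# Print the effective TLS_REQCERT level of an ldap.conf-style file.
# Option names are case-insensitive, a later line overrides an earlier
# one, and libldap uses "demand" when the option is absent.
effective_reqcert() {
    awk 'toupper($1) == "TLS_REQCERT" { level = tolower($2) }
         END { print (level == "" ? "demand" : level) }' "$1"
}

# Succeed only when a bad or missing server certificate ends the session.
# "never" skips the check, "allow" ignores a bad certificate, and "try"
# still proceeds when the server presents no certificate.
reqcert_is_strict() {
    case "$(effective_reqcert "$1")" in
        demand|hard) return 0 ;;
        *) return 1 ;;
    esac
}

# Check that the certificate on port 636 chains to a root in
# /etc/ssl/certs (where update-ca-certificates put it). Needs network
# access; $1 is the domain controller's host name (placeholder).
# This checks the chain only, not that the name matches the certificate.
dc_chain_verifies() {
    echo | openssl s_client -connect "$1:636" -CApath /etc/ssl/certs 2>/dev/null |
        grep -q 'Verify return code: 0 (ok)'
}

# Constructed sample files: the page's setting and a verifying alternative.
weak=$(mktemp); strict=$(mktemp)
printf 'TLS_REQCERT never\n' > "$weak"
printf 'TLS_CACERT /etc/ssl/certs/ca-certificates.crt\nTLS_REQCERT demand\n' > "$strict"
for f in "$weak" "$strict"; do
    if reqcert_is_strict "$f"; then verdict="server certificate is verified"
    else verdict="server certificate is NOT verified"; fi
    echo "TLS_REQCERT $(effective_reqcert "$f"): $verdict"
done
rm -f "$weak" "$strict"
```

If `dc_chain_verifies` succeeds for your domain controller and the host name you connect to matches its certificate, the `TLS_CACERT` and `TLS_REQCERT demand` lines from the second sample can be used in /etc/ldap/ldap.conf in place of `TLS_REQCERT never`.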