Sunday, January 24, 2010

Verify group membership in Active Directory using LDAP

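<?php
// Sets $belongs to TRUE when the account named in $user lists the group
// $ldap_gn in its memberOf attribute, and to FALSE in every other case
// (connect, bind or search failure, unknown user, no memberOf values).
// $user, $ldap_user and $ldap_password must be set before this snippet runs.
//
// Caveats for anyone using $belongs as an authorization decision:
//  - In Active Directory, memberOf holds direct memberships only; nested
//    groups and the account's primary group are not listed there.
//  - A plain ldap:// connection carries the simple-bind password in clear
//    text; prefer an ldaps:// URI or ldap_start_tls($ad) before binding.
$ldap_server = ""; // IP address of the LDAP server
$ldap_dn = ""; // search base: name of the AD forest
$ldap_gn = ""; // group to test; compared verbatim against the memberOf values (presumably the group's full DN)
$ldap_attr = array("*"); // return all attributes; only memberof is read below
// Escape the account name so filter metacharacters such as * ( ) \ in $user
// are matched literally and cannot change the meaning of the search filter.
$ldap_filter = "samaccountname=" . ldap_escape($user, "", LDAP_ESCAPE_FILTER); // specific user

// Fail closed: every result starts as "no" and is only upgraded on success.
$belongs = FALSE;
$lv = FALSE;
$bd = FALSE;
$result = FALSE;
$entries = FALSE;

$ad = ldap_connect($ldap_server);
if ($ad !== FALSE) {
    $lv = ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3);

    // A simple bind with an empty password is an unauthenticated bind that
    // many servers accept, so it must not count as a successful login.
    if (isset($ldap_password) && $ldap_password !== "") {
        $bd = ldap_bind($ad, $ldap_user, $ldap_password);
    }

    // Only query the directory once the bind has actually succeeded.
    if ($bd) {
        $result = ldap_search($ad, $ldap_dn, $ldap_filter, $ldap_attr);
        if ($result !== FALSE) {
            $entries = ldap_get_entries($ad, $result);
        }
    }
}

// Check if the user is in $ldap_gn
if (is_array($entries) && isset($entries[0]['memberof']) && is_array($entries[0]['memberof'])) {
    $groups = $entries[0]['memberof'];
    // ldap_get_entries() adds an integer 'count' element; drop it so it can
    // never be mistaken for a group value.
    unset($groups['count']);
    // Strict comparison avoids PHP's loose string/number juggling.
    $belongs = in_array($ldap_gn, $groups, TRUE);
}
?>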