I have a website in PHP and want to authenticate users against Azure Active Directory. With ldap_connect and bind I have no problems doing this against a local AD server in our company.
function checkADAccount($username, $password)
{
    $adServer = "myADServer";
    // NT-style logon name: DOMAIN\username
    $ldaprdn = 'myDomain' . "\\" . $username;

    // An empty password makes ldap_bind() perform an anonymous (unauthenticated)
    // bind, which most directories accept, so it has to be rejected up front.
    if ($username === '' || $password === '') {
        return false;
    }

    $ldap = ldap_connect($adServer);
    if ($ldap === false) {
        return false;
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

    $bind = @ldap_bind($ldap, $ldaprdn, $password);
    @ldap_close($ldap); // close the connection on both paths
    return $bind ? true : false;
}
But my application is hosted at Amazon Web Services (AWS) and is not in the same domain, so I can't do it this way.
I tested the Graph API with the ClientId and key for my company from Azure. With that I can read the user data, but I don't see any possibility to check a user/password combination. I only want to check whether a user with this password exists; I don't need to read anything from there.
So I tried to modify the LDAP solution from above by changing the parameters for the adServer and for the user:
$ldaprdn = 'sAMAccountname=' . $username . ',cn=users' . ',dc=myDomain,dc=com';
But I always get: "Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server ". I tried multiple versions for the adServer, but none of them delivers a binding.
Do you have any idea where the error is? I suspect that ldap_connect is the wrong way, especially since I don't know which server address is the right one and how I would have to pass the ClientId and key.