Authenticating users via PHP


I’m running EFA, but I can’t seem to get it to work.

Any suggestions?


…not without knowing what exactly does not work. The linked documentation describes an LDAP connection - is that not working? Do you get errors, etc.?

I added some debug code, and I get a bind failure.

This is what they use to connect to AD:

    /**
     * @param $user
     * @param $password
     * @return null|string
     */
    function ldap_authenticate($user, $password)
    {
        $user = strtolower($user);
        if ($user != "" && $password != "") {
            $ds = ldap_connect(LDAP_HOST, LDAP_PORT) or die("Could not connect to " . LDAP_HOST);
            // Check if Microsoft Active Directory compatibility is enabled
            ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
            ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
            ldap_bind($ds, LDAP_USER, LDAP_PASS); // <<<<---------- FAILS HERE
            if (strpos($user, '@') and LDAP_EMAIL_FIELD === 'mail') {
                $r = ldap_search($ds, LDAP_DN, LDAP_EMAIL_FIELD . "=$user") or die("Could not search");
            } elseif (strpos($user, '@')) {
                $r = ldap_search($ds, LDAP_DN, LDAP_EMAIL_FIELD . "=SMTP:$user") or die("Could not search");
            } else {
                $r = ldap_search($ds, LDAP_DN, "sAMAccountName=$user") or die("Could not search");
            }
            if ($r) {
                $result = ldap_get_entries($ds, $r) or die("Could not get entries");
                if ($result[0]) {
                    // Groups cannot log in
                    if (in_array("group", array_values($result[0]["objectclass"]))) {
                        return null;
                    }
                    $user = $result[0]['userprincipalname']['0'];
                    // Second bind: verify the password the user typed
                    if (ldap_bind($ds, $user, "$password")) {
                        if (isset($result[0][LDAP_EMAIL_FIELD])) {
                            foreach ($result[0][LDAP_EMAIL_FIELD] as $email) {
                                if (substr($email, 0, 4) == "SMTP") {
                                    $email = strtolower(substr($email, 5));
                                }
                            }
                            $sql = sprintf("SELECT username FROM users WHERE username = %s", quote_smart($email));
                            $sth = dbquery($sql);
                            if (mysql_num_rows($sth) == 0) {
                                $sql = sprintf(
                                    "REPLACE INTO users (username, fullname, type, password) VALUES (%s, %s,'U',NULL)",
                                    // ... (the rest of this statement is cut off in the post)
                                );
                            }
                            return $email;
                        }
                    }
                }
            }
        }
        return null;
    }

And these are my settings:

    // LDAP settings
    define('USE_LDAP', true);
    define('LDAP_SSL', false); // set to true if using LDAP with SSL encryption
    define('LDAP_HOST', '');
    define('LDAP_PORT', '389');
    define('LDAP_DN', 'DC=example,DC=com');
    define('LDAP_USER', '');
    define('LDAP_PASS', 'secret');
    define('LDAP_SITE', 'default-first-site-name');
    // can be set to 'proxyaddresses' or 'mail'. Please refer to your LDAP system manual for the right keyword
    define('LDAP_EMAIL_FIELD', 'mail');
    // Microsoft Active Directory compatibility support for searches from Domain Base DN
    define('LDAP_MS_AD_COMPATIBILITY', true);

Does that help at all? I do have the right name and password. My PHP is pretty weak.
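
One way to find out why the service-account bind in the post above fails, as an added example that is not part of the thread or of EFA's own code: check the result of `ldap_bind()` and read the server's error number and diagnostic message. The helper names `ad_bind_reason` and `diagnose_service_bind` are hypothetical, the `LDAP_*` constants are the ones from the posted settings, and the sample diagnostic string is constructed.

```php
<?php
// Added example (hypothetical helper names); constants are those from the posted settings.

/** Map the "data NNN" sub-code of an Active Directory bind error to a reason. */
function ad_bind_reason(string $diagnostic): ?string
{
    $reasons = [
        '525' => 'user not found',
        '52e' => 'invalid credentials',
        '530' => 'logon not permitted at this time',
        '531' => 'logon not permitted from this workstation',
        '532' => 'password expired',
        '533' => 'account disabled',
        '701' => 'account expired',
        '773' => 'user must reset password',
        '775' => 'account locked out',
    ];
    if (preg_match('/\bdata ([0-9a-f]{3,4})\b/i', $diagnostic, $m)) {
        return $reasons[strtolower($m[1])] ?? 'unknown sub-code ' . $m[1];
    }
    return null;
}

/** Try the service-account bind; return null on success or a loggable reason. */
function diagnose_service_bind(): ?string
{
    if (LDAP_HOST === '' || LDAP_USER === '') {
        return 'LDAP_HOST or LDAP_USER is empty in the configuration';
    }
    $ds = ldap_connect('ldap://' . LDAP_HOST . ':' . LDAP_PORT);
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    if (@ldap_bind($ds, LDAP_USER, LDAP_PASS)) {
        return null;
    }
    // errno -1 means the server was never reached; 49 means it rejected the credentials.
    $errno = ldap_errno($ds);
    $diag = '';
    ldap_get_option($ds, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);
    $reason = ad_bind_reason((string) $diag) ?? 'no AD sub-code';
    // Log the bind DN and the reason only, never LDAP_PASS.
    return sprintf('bind as %s failed: [%d] %s (%s)', LDAP_USER, $errno, ldap_error($ds), $reason);
}

// Constructed sample of the diagnostic text AD returns for a wrong password.
$sample = '80090308: LdapErr: DSID-0C090447, comment: AcceptSecurityContext error, data 52e, v3839';
echo ad_bind_reason($sample), PHP_EOL;
```

With `LDAP_SSL` set to `false` and port 389, the simple bind sends `LDAP_PASS` and each user's password unencrypted, so the same check is worth repeating against an `ldaps://` URI once the bind works.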


Interestingly enough, this worked perfectly on another install.

I’ll compare the two and see if I can find any differences.