PHP - LDAP Connection test

1. <?php
2. /**
3.  * PHP-LDAP CONNECTION TEST
4.  * This is test script to check if LDAP authentication connection is up.
5.  * The algio here just to show how-to, in production these best in the class setup.
6.  *
7.  * Minimum:
8.  * - PHP 5.5
9.  * - PHP LDAP Lib
10.  *
11.  * Author: [email protected]
12.  *
13.  * Futher Readings;
14.  * - [LDAP Port|https://technet.microsoft.com/en-us/library/dd772723(v=ws.10).aspx]
15.  */
16.  
17. // show all error
18. error_reporting(E_ALL);
19.  
20. // just a method to print status & terminate this script
21. function logHere($type, $msg = FALSE) {
22.   $fatal = FALSE;
23.  
24.   if ($fatal = ($msg === FALSE)) {
25.     $msg  = $type;
26.     $type = 'FATAL';
27.   }
28.  
29.   echo "{$type}:{$msg}" . PHP_EOL;
30.  
31.   if ($fatal) {
32.     exit;
33.   }
34. }
35.  
36. /**
37.  * CHECK PHP
38.  * - Do these once only; to check if enviroment have those lib.
39.  */
40. if (
41.   (!extension_loaded('ldap')) ||
42.   (!function_exists('ldap_connect')) ||
43.   (!function_exists('ldap_set_option')) ||
44.   (!function_exists('ldap_search')) ||
45.   (!function_exists('ldap_get_entries')) ||
46.   (!defined('LDAP_OPT_PROTOCOL_VERSION')) ||
47.   (!defined('LDAP_OPT_REFERRALS')) ||
48.   (!defined('LDAP_OPT_NETWORK_TIMEOUT'))
49. ) {
50.   // logHere & exit
51.   logHere('ldap.php-failed-ldap');
52. }
53.  
54. /**
55.  * CHECK HOST LOCATION
56.  * - Do this once only; to check if IP & port welcome Authentication API.
57.  */
58. $host = 'xxx.xxx.xxx.xxx'; // <-- CONFIG HERE
59. // port - these are basic selections suggested by Microsoft TechNet - dd772723.
60. //      - however each organization might have different setup for security reason.
61. // $port = 389; // normal - 3268 GC
62. // $port = 636; // secure - 3269 GC
63. $port = 88; // Kerberos - User / Comp Autehntication
64. // $port = 53; // DNS - User / Comp Autehntication
65. $wait = 5;
66. $eCode = $eStr = '';
67. if (!($fp = @fsockopen($host, $port, $eCode, $eStr, $wait))) {
68.   // logHere & exit
69.   logHere('error', 'ldap.error-code:' . $eCode);
70.   logHere('error', 'ldap.error-msg:' . $eStr);
71.   logHere('ldap.hello-failed');
72. }
73. fclose($fp);
74. logHere('info', 'ldap-fsockopen-success');
75.  
76. /**
77.  * CHECK LDAP CONNECTION
78.  * - Check if Host can be connected with PHP Driver.
79.  */
80. $con = ldap_connect($host);
81. if (empty($con)) {
82.   // logHere & exit
83.   logHere('ldap.connection-failed');
84. }
85. logHere('info', 'ldap-connection-ok');
86.  
87. /**
88.  * SETUP LDAP CONTROLS
89.  * - Basic PHP-LDAP options; as needed.
90.  */
91. ldap_set_option($con, LDAP_OPT_PROTOCOL_VERSION, 3);
92. ldap_set_option($con, LDAP_OPT_REFERRALS, 0);
93. ldap_set_option($con, LDAP_OPT_NETWORK_TIMEOUT, 10);
94.  
95. /**
96.  * BINDING USER
97.  * - Authenticate User / Computer via LDAP
98.  */
99. $domain   = 'XXXX';         // <-- CONFIG HERE
100. $username = 'XXX.XXX.XXX';  // <-- CONFIG HERE
101. $password = 'xXxXxXxXxX';   // <-- CONFIG HERE
102.  
103. $ldaprdn  = "{$domain}\\{$username}";
104. $bind     = @ldap_bind($con, $ldaprdn, $password);
105. if (empty($bind)) {
106.   // get more error details
107.   $extended_error = ': Unknown issue.';
108.   $diagMsg = 0x0032; // LDAP_OPT_ERROR_STRING - if version issue (octal)
109.   ldap_get_option($con, $diagMsg, $extended_error);
110.   // logHere & exit
111.   logHere('error', $extended_error);  
112.   logHere('ldap.binding-failed');
113. }
114. logHere('info', 'ldap-binding-ok');
115. logHere('info', 'ldap-authentication-ok');
116.  
117. // all ok