Authenticate to Active Directory via LDAP

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Hi All,

I have some code here that seems to work well to authenticate to a
W2003 active directory server.  The problem I'm having is that some of
our users have distinguished names like so:
1) CN=Nicki Lambert,CN=Users,DC=ad,DC=mydomain,DC=com

and others with distinguished names like so:
2) CN=BobB,CN=Users,DC=ad,DC=mydomain,DC=com

The problem I'm having is that users with a distinguished name as in
1) cannot bind using their sam account name.
For example Nicki Lambert's username is NickiL and her email is also  However if I use "NickiL"  in the bind string
like so '', the bind fails.

If I use the bind string '' there are no problems.

One solution I guess is to go through the active directory and rename
those users that don't work <ugh>.  Can I somehow bind using the sam
account name (username)?

Here is the code I'm using:

$ldaphost = "adserver";

$ds = ldap_connect("LDAPS://".$ldaphost)
or die("Could not connect to $ldaphost");

if ($ds)
    $username = "bobb";
    $upasswd = "secret";
    $binddn = $username.""

    $ldapbind = ldap_bind($ds, $binddn, $upasswd);

    if ($ldapbind)
        print "Congratulations! $username is authenticated.\n";
        print "Nice try, kid. Better luck next time!\n";

I'm not sure what group to post this in php or active directory.
Sorry if this is the wrong place.

Site Timeline