How to search for Member in AD security group using PHP

Question

I am currently developing a noticeboard app using PHP. I would now like to only allow staff to add to it, so I need to find out what Security group the current user is (In AD), for instance staff have their own group and so do students. I would like to use the Windows based authentication to get their username and query that in the AD group. I have tried all the answers I find but none help.

I have the following code so far:

<?php
//Declare Vars
$domain = 'doamin.local';
$username = 'admin';
$password = "";
$ldapconfig['host'] = 'hostname';
$ldapconfig['port'] = 389;
$ldapconfig['basedn'] = 'dc=domain,dc=local';
$dn = 'dc=domain,dc=local';
//Connect to AD
$ds=ldap_connect($ldapconfig['host'], $ldapconfig['port']);
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
$bind=ldap_bind($ds, $username .'@' .$domain, $password);
    if ($bind) {
        echo "LDAP bind successful...";
        //Query for group membership
              $search = ldap_search($ds, $dn, "(samaccountname=w10student)", ['memberOf']);
              $enr = ldap_get_entries($ds, $search);

    } else {
        echo "LDAP bind failed...";
    }

      print_r($enr);

?>

It now prints all groups to an array, I need to have an if statement for if the array contains one of the groups to then set a variable Any help is appreciated

Many thanks,

Conor

This doesn't help : https://stackoverflow.com/a/51439220/4929742 ? — Bilel, Jan 30 '20 at 00:01
Tell us what you have tried and show logs or results and Read: https://stackoverflow.com/help/how-to-ask — jwilleke, Jan 30 '20 at 11:39
I am trying to use an "in_array" statement with no luck, code is below: if (in_array("CN=staff2,OU=Admin,OU=Groups,DC=oakwood,DC=school", $enr)) { echo "staff"; } else { echo "not staff"; } — Conor Treslove-Hayes, Jan 30 '20 at 15:38

How to search for Member in AD security group using PHP

0 Answers0