Table of Contents
To use adLDAP you need to first define some important parameters, specifically the Domain Controller you wish to query and the base domain details of your Active Directory structure. You may also need to define a username and password of an account with higher privileges than your standard domain user account.
These can be defined directly in the adLDAP.php script itself or you can pass them in an array as part of the constructor. See more information about connecting and disconnecting.
The configuration options declared in the class itself are protected variables. That means they cannot be set from directly outside the class. You can, however, set them at run time by passing an array to the adLDAP constructor. You can override objects to allow specific configuration options to be changed at runtime.
Below are a list of all configuration options you can define, and most likely the only part of adLDAP.php you'll need to edit.ñññ
$accountSuffix = "@mydomain.local";
$baseDn = "DC=mydomain,DC=local";
For example if your account suffix is @mydomain.local then your base DN is usually DC=mydomain,DC=local
If you can authenticate users ok, but searching doesn't work, it's generally because you have specified an incorrect base_dn.
If you set this to NULL, adLDAP will attempt to detect this information automatically from your domain controller
$domainControllers = array("dc01.mydomain.local");
Bear in mind when setting this option, requests will still be sent to offline domain controllers specified in this array. This array implements load balancing, not fault tolerance.
$adminUsername = NULL;
It is strongly recommended to do this, as a standard domain user account will not have many permissions to query over Active Directory.
$adminPassword = NULL;
$realPrimaryGroup = true;
adLDAP >= 3.1 has a re-written function to reveal the true primary group and should be much less intensive than versions prior to 3.1
$useSSL = false;
$useTLS = false;
$recursiveGroups = true;
Any function in adLDAP that involves checking group memberships of contacts, users, etc will use this property. In many of these functions you can enable this or disable it on a function by function basis as well.