Back to the module list

Authentication LDAP

The LDAP (Lightweight Directory Access Protocol) can be used to authenticate the users.

This module allow to authenticate in two steps:

  1. Found the user in the LDAP with a non privileged account
  2. Authenticate the user on this found user by providing the password to LDAP

The LDAP server can be secured by SSL. The server must be defined like ldaps://server.domain.tld to use it.

The class definition

Class Domframework\Authldap

Namespace Domframework


 User authentication against LDAP server


public $appName;
 The application name
public $ldapauth="";
 LDAP authentication to search user
public $ldapbase="";
 LDAP Search base
public $ldapfield="mail";
 Field used to identify a user
public $ldapfilter="(mail=%s)";
 Filter used to search user
public $ldapfiltersearch="(objectClass=inetOrgPerson)";
 Filter used to find the available data of an authenticated user
public $ldapport=389;
 LDAP TCP Port (389 by default)
public $ldappwd="";
 LDAP authentication password
public $ldapserver="localhost";
 LDAP server : can be ldaps://server.domain.tld if LDAPS
public $ldaptimeout=5;
 LDAP Connection timeout (5s by default)


public function __construct ()
 Check the availability of LDAP functions in PHP

public function __destruct ()
 Close the LDAP connection when closing the object or PHP

public function authentication ( $email, $password)
 Try to authenticate the email/password of the user
 @param string $email Email to authenticate
 @param string $password Password to authenticate

public function changepassword ( $oldpassword, $newpassword)
 Method to change the password
 @param string $oldpassword The old password (to check if the user have the
 rights to change the password)
 @param string $newpassword The new password to be recorded

public function connect ()
 Establish a connection to a LDAP server
 $server can be "ldaps://ldap.domain:636"
 If $user is "", there is no authentication (anonymous mode)

public function getdetails ()
 Return all the parameters recorded for the authenticate user

public function listusers ()
 List all the users available in the database
 Return firstname, lastname, mail, with mail is an array

public function logout ()
 Method to disconnect the authenticated user

public function overwritepassword ( $email, $newpassword)
 Method to overwrite the password (without oldpassword check)
 Must be reserved to the administrators. For the users, use changepassword
 @param string $email the user identifier to select
 @param string $newpassword The new password to be recorded

public function pageHTML ( $baseURL, $message="", $url="", $alreadyAuth=false)
 Display the authentication page
 The message is displayed to the user in case of error
 The url is the caller url to go back if authentication is correct
 @param string $baseURL The URL base to use for the links
 @param string|null $message Message to display to the user
 @param string|null $url URL to go back after successful authentication
 @param mixed $alreadyAuth If the user is already authenticated, the value
 will be displayed if the user is coming on the page.