We’ve created an intranet site that requires the same password as the user’s network login, so we use LDAP to check the username/password.
That’s fine, but if they enter it incorrectly three times it locks their account out, and one or two users have found this confusing.
Is there any way at all I could check, using LDAP/PHP, whether or not their account is locked, so I can display a little message prompting them to contact IT?
Answer
You need to connect to the LDAP server using the LDAP functions in PHP and perform a search/read to locate the entry and get the information. You can read about it here: http://us3.php.net/manual/en/book.ldap.php
Here is some sample code for reading entries:
<?php
// $ldapip, $ldapport, $admindn, $adminpwd, $userbasedn and $filter are expected
// to be set before this runs (the snippet leaves them to the caller).
if (!($ldap = ldap_connect($ldapip, $ldapport))) {
    die("Error: Unable to connect to the LDAP Server");
}
if (!ldap_bind($ldap, $admindn, $adminpwd)) {
    die("Error: Unable to bind as '$admindn'!");
}
$sr   = ldap_search($ldap, $userbasedn, $filter);
$info = ldap_get_entries($ldap, $sr);
if ($info["count"] > 0) {
    // Print each attribute name of the first match followed by its first value.
    $entry        = ldap_first_entry($ldap, $sr);
    $return_array = ldap_get_attributes($ldap, $entry);
    if ($return_array) {
        for ($i = 0; $i < $return_array['count']; $i++) {
            print($return_array[$i]);
            print($return_array[$return_array[$i]][0]);
        }
    }
}
You might want to check the fields lockoutTime in AD and nsaccountlock in LDAP, and read them.
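The following is an added worked example, not code from the answer above. It looks the user up with the username escaped into the LDAP filter and then decides whether the account is locked right now, which for Active Directory is not the same as "lockoutTime is non-zero": AD leaves lockoutTime set after a lockout has expired, so the value has to be compared against the domain's lockoutDuration (or, better, the server-computed msDS-User-Account-Control-Computed flag used). The server URI, DNs, service-account name and environment variable are placeholders, and the entries at the bottom are constructed so that the decision logic runs offline.

```php
<?php
// Added example; host, DNs and credentials are placeholders.

// AD stores lockoutTime as a Windows FILETIME: 100 ns ticks since 1601-01-01 UTC.
function filetimeToUnix(int $filetime): int
{
    return intdiv($filetime, 10000000) - 11644473600;
}

// First value of an attribute in an ldap_get_entries()-style entry
// (ldap_get_entries lower-cases attribute names).
function attr(array $entry, string $name): ?string
{
    $key = strtolower($name);
    return isset($entry[$key][0]) ? (string) $entry[$key][0] : null;
}

/*
 * Is the account locked at time $now?
 * - msDS-User-Account-Control-Computed (AD, constructed attribute): bit 0x10
 *   (UF_LOCKOUT) is set only while the lock is in force. Authoritative if returned.
 * - nsAccountLock (389 / Sun Directory Server): boolean.
 * - lockoutTime (AD): non-zero means "was locked at some point"; the lock has
 *   lapsed once lockoutTime + |lockoutDuration| is in the past. lockoutDuration
 *   is read from the domain object as a negative 100 ns interval.
 */
function isAccountLocked(array $entry, int $lockoutDuration, int $now): bool
{
    $computed = attr($entry, 'msDS-User-Account-Control-Computed');
    if ($computed !== null) {
        return ((int) $computed & 0x10) !== 0;
    }
    $ns = attr($entry, 'nsAccountLock');
    if ($ns !== null) {
        return strtolower($ns) === 'true';
    }
    $lockoutTime = (int) (attr($entry, 'lockoutTime') ?? '0');
    if ($lockoutTime === 0) {
        return false;
    }
    // "Locked until an administrator unlocks it" has no expiry to compute
    // (stored as 0 or as the most negative 64-bit value).
    if ($lockoutDuration === 0 || $lockoutDuration === PHP_INT_MIN) {
        return true;
    }
    return $now < filetimeToUnix($lockoutTime + abs($lockoutDuration));
}

// Look a user up; true/false for the lock state, null when no such account.
function lookupLockoutStatus(string $username, int $now): ?bool
{
    $uri       = 'ldaps://dc.example.local';                                  // placeholder
    $domainDn  = 'DC=example,DC=local';                                       // placeholder
    $serviceDn = 'CN=intranet-ldap,OU=Service Accounts,DC=example,DC=local'; // placeholder
    $servicePw = getenv('INTRANET_LDAP_PASSWORD') ?: '';                      // placeholder

    $ldap = ldap_connect($uri);
    if ($ldap === false) {
        throw new RuntimeException('cannot initialise LDAP handle');
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);   // AD referrals otherwise stall searches
    if (!@ldap_bind($ldap, $serviceDn, $servicePw)) {
        throw new RuntimeException('service bind failed: ' . ldap_error($ldap));
    }

    // Domain-wide lockout policy lives on the domain object.
    $r = ldap_read($ldap, $domainDn, '(objectClass=*)', ['lockoutDuration']);
    $domain = ldap_get_entries($ldap, $r);
    $lockoutDuration = (int) (attr($domain[0] ?? [], 'lockoutDuration') ?? '0');

    // Escape the form-supplied username so it cannot inject filter syntax.
    $filter = sprintf('(&(objectClass=user)(sAMAccountName=%s))',
        ldap_escape($username, '', LDAP_ESCAPE_FILTER));
    $r = ldap_search($ldap, $domainDn, $filter,
        ['lockoutTime', 'msDS-User-Account-Control-Computed', 'nsAccountLock']);
    $entries = ldap_get_entries($ldap, $r);
    ldap_unbind($ldap);

    return $entries['count'] === 0 ? null : isAccountLocked($entries[0], $lockoutDuration, $now);
}

// --- Offline demonstration on constructed entries (not real directory data) ---
$now = 1700000000;              // 2023-11-14 22:13:20 UTC
$thirtyMinutes = -18000000000;  // lockoutDuration of 30 min, in negative 100 ns ticks
$tick = fn(int $unix) => ($unix + 11644473600) * 10000000;
$samples = [
    'locked 10 min ago'        => ['lockouttime' => ['count' => 1, 0 => (string) $tick($now - 600)]],
    'locked 2 h ago (lapsed)'  => ['lockouttime' => ['count' => 1, 0 => (string) $tick($now - 7200)]],
    'never locked'             => ['lockouttime' => ['count' => 1, 0 => '0']],
    'computed UF_LOCKOUT set'  => ['msds-user-account-control-computed' => ['count' => 1, 0 => '16']],
    '389 DS nsAccountLock'     => ['nsaccountlock' => ['count' => 1, 0 => 'true']],
];
foreach ($samples as $label => $entry) {
    printf("%-26s => %s\n", $label, isAccountLocked($entry, $thirtyMinutes, $now) ? 'LOCKED' : 'not locked');
}
```

Two design points worth keeping in mind when wiring this into a login page. Only show the "contact IT" message after the user's own bind has failed, and never distinguish "no such account" from "locked", otherwise the page becomes an oracle for valid usernames and lock state. And because three bad passwords on the intranet lock the domain account, anyone who knows a username can lock its owner out through the form; rate-limiting attempts per username and source address before the LDAP bind limits that.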