Active directory support with authorization example

Active directory support for Yii provided by adLDAP class.


Yii 1.1.14 or above (not tested on earlier versions)


Copy adLDAP directory to extensions dir. Copy UserIdentity.php to components dir if you want support for AD authorization.


In config file:

             // those are standard adLDAP options check http://adldap.sourceforge.net/ for documentation
             'options'=> array(
                            'ad_port'      => 389,
                            'domain_controllers'    => array('ad_server'),
                            'account_suffix' =>  '@domain_name',
                            'base_dn' => NULL,
                    // for basic functionality this could be a standard, non privileged domain user (required)
                            'admin_username' => 'jdoe',
                            'admin_password' => 'password',

Example usage in every place of an application:

// gather info about domain computer
Yii::app()->ldap->computer()->info('computer_name', null);

If you would like to use UserIdentity class included in this package you could also get Active Directory information about authorized user:

// in template file
if(isset(Yii::app()->user->displayname) {
  echo Yii::app()->user->displayname; // or any other field from UserIdentity $_fields property
if(isset(Yii::app()->user->groups) {
  foreach(Yii::app()->user->groups as $group) {
    echo 'User belongs to: ' . $group ."\n";


Total 3 comments

#17856 report it
Phelipe Folgierini at 2014/07/31 02:24pm
Way to authenticate via email

To do this is necessary to use UPN auth method in the Active Directory. Since the adLDAP don't offer this support I have made a improvement in the adLDAP.php class.

  1. In the "authenticate" method (near line 694) add the param $UPNLogin, as below:
public function authenticate($username, $password, $preventRebind = false, $UPNLogin = false) {
  1. In the same method, near the line 713, change the code as below:


$this->ldapBind = @ldap_bind($this->ldapConnection, $username . $this->accountSuffix, $password);

For this:

if($UPNLogin && strrpos($username, '@') != FALSE) {
    $this->ldapBind = @ldap_bind($this->ldapConnection, $username, $password);
} else {
    $this->ldapBind = @ldap_bind($this->ldapConnection, $username . $this->accountSuffix, $password);

So you need to call the authtentication method in this way:

Yii::app()->ldap->authenticate($this->username, $this->password, false, true);

And in the login form the user field can be both "username" or "username@domainname.com".

#17852 report it
Fedek6 at 2014/07/31 04:36am
Re: Way to authenticate via email

I think it will be hard without messing with Active Directory settings. Check this link.

#17825 report it
Phelipe Folgierini at 2014/07/25 05:34pm
Way to authenticate via email

There's a way do authenticate user via the user email available in the Active Directory information?

Leave a comment

Please to leave your comment.

Create extension