Get email address of logged in user using ldap/php

Question

I'm using AuthLDAPURL in our htaccess file to authenticate a user. Is there a way to grab the user's email address once they're logged in using PHP??

Answer 1

You might be able to use AuthLDAPRemoteUserAttribute for this. As described in the documentation (emphasis mine):

If this directive is set, the value of the REMOTE_USER environment variable will be set to the value of the attribute specified. Make sure that this attribute is included in the list of attributes in the AuthLDAPUrl definition, otherwise this directive will have no effect. This directive, if present, takes precedence over AuthLDAPRemoteUserIsDN. This directive is useful should you want people to log into a website using an email address, but a backend application expects the username as a userid.

That's the opposite of what you describe but you can try specifying the e-mail address field to be returned.

Otherwise, after Apache has handed over to PHP, you could use the PHP LDAP functions to connect to the server and query for the email based on the supplied REMOTE_USER variable. This is simple enough with Active Directory, something like this (it'll differ depending on your LDAP provider):

$ldap = ldap_connect('ldap://yourserver'); // use 'ldaps' if you can!
ldap_bind($ldap, 'username', 'password');
$attributes = array('mail');
$search = ldap_search($ldap, 'base_dn', 'search_filter', $attributes);
$data = ldap_get_entries($ldap, $search);

$data should be an array with the e-mail address.