I've found out that LDAP authentication does not support the following scenario:
- the LDAP server does not allow anonymous binding
- there is no special account for AD users
- but it allows binding for any registered user, provided the account suffix is added to the user name
I couldn't get PHP LDAP auth to work under these conditions. I managed to do this with MediaWiki (https://www.mediawiki.org/wiki/Extensio ... entication) and with WordPress (active-directory-integration.1.1.4.zip plugin).
Configuring the WordPress plugin was the easiest.
So I modified auth_ldap.php to support such a config on my side.
But the question is: couldn't PHP LDAP auth support my scenario natively?
Here is my config example:
LDAP server name: ldap://europe.company.net
LDAP base dn: DC=company,DC=net
LDAP uid: sAMAccountName
LDAP e-mail attribute: mail
but for binding I need such a username: sAMAccountName@company.net
And I need the AD user to also be sAMAccountName@company.net, with its password.
I've attached my auth_ldap.php, which solved the problem for me, but it isn't a general solution.
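For readers who want to see what the bind-as-the-user-then-search flow from the post looks like in PHP, here is an added example. It is not the attached auth_ldap.php and not the auth module's own code; the configuration keys ($config array), the function name ldap_suffix_login, and the ldap_suffix setting that supplies the "@company.net" part are assumptions chosen to mirror the settings listed above.

```php
<?php
// Added example (not the attached auth_ldap.php): authenticate an AD user with
// no service account and no anonymous bind, by binding as the user in UPN
// form (sAMAccountName@suffix) and then looking up the entry by sAMAccountName.
// The configuration keys below are assumptions modelled on the settings in the post.
$config = [
    'ldap_server'  => 'ldap://europe.company.net',
    'ldap_base_dn' => 'DC=company,DC=net',
    'ldap_uid'     => 'sAMAccountName',
    'ldap_email'   => 'mail',
    'ldap_suffix'  => 'company.net',   // appended as user@suffix for the bind (assumed setting)
];

/**
 * Returns ['user' => [...], 'error' => null] on success,
 * or ['user' => null, 'error' => 'reason'] on failure.
 */
function ldap_suffix_login(array $cfg, string $username, string $password): array
{
    // 1. Refuse an empty password before touching the directory. Many servers,
    //    AD included, treat "name + empty password" as an unauthenticated bind
    //    and report success, which would log anyone in as that user.
    if ($password === '') {
        return ['user' => null, 'error' => 'empty password'];
    }
    // 2. Accept only plain account-name characters, so the caller cannot smuggle
    //    a different suffix, a full DN, or filter metacharacters into the bind name.
    if (!preg_match('/^[A-Za-z0-9._-]{1,20}$/', $username)) {
        return ['user' => null, 'error' => 'invalid username'];
    }

    $ds = ldap_connect($cfg['ldap_server']);
    if ($ds === false) {
        return ['user' => null, 'error' => 'cannot connect'];
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);   // AD emits referrals for DC=... searches

    // 3. Bind as the user themself in UPN form: no service account needed,
    //    no anonymous bind needed, which is exactly the scenario in the post.
    $bind_name = $username . '@' . $cfg['ldap_suffix'];
    if (!@ldap_bind($ds, $bind_name, $password)) {
        $err = ldap_error($ds);
        ldap_unbind($ds);
        return ['user' => null, 'error' => 'bind failed: ' . $err];
    }

    // 4. Still authenticated as that user, fetch the account entry by the uid
    //    attribute. The value is escaped for the filter (RFC 4515) even though
    //    step 2 already restricted it; the extra call is cheap defence in depth.
    $filter = sprintf('(&(objectClass=user)(%s=%s))',
        $cfg['ldap_uid'], ldap_escape($username, '', LDAP_ESCAPE_FILTER));
    $attrs   = [$cfg['ldap_uid'], $cfg['ldap_email']];
    $sr      = ldap_search($ds, $cfg['ldap_base_dn'], $filter, $attrs);
    $entries = ($sr !== false) ? ldap_get_entries($ds, $sr) : false;
    ldap_unbind($ds);

    if ($entries === false || $entries['count'] !== 1) {
        // The bind worked but we cannot find exactly one matching entry:
        // fail closed instead of guessing which account just logged in.
        return ['user' => null, 'error' => 'account lookup failed'];
    }
    // ldap_get_entries() lower-cases attribute names in the returned array.
    $e         = $entries[0];
    $uid_attr  = strtolower($cfg['ldap_uid']);
    $mail_attr = strtolower($cfg['ldap_email']);
    return ['user' => [
        'username' => $e[$uid_attr][0],
        'email'    => isset($e[$mail_attr][0]) ? $e[$mail_attr][0] : '',
        'dn'       => $e['dn'],
    ], 'error' => null];
}

// Usage with credentials from the login form:
// $result = ldap_suffix_login($config, $_POST['username'], $_POST['password']);
// if ($result['error'] === null) { /* $result['user'] is the authenticated account */ }
```

Two caveats a practitioner would want here: the ldap:// URL from the post sends the user's password in clear text over the network, so in production use ldaps:// or call ldap_start_tls() before ldap_bind(); and the empty-password check in step 1 is not optional, because the post's server rejecting anonymous binds says nothing about whether it also rejects unauthenticated (name plus empty password) binds.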