From: Brent Gardner on
Hello, list.

I'm hoping someone can help me optimize an LDAP lookup.

Querying Active Directory, I'm trying to retrieve the "displayName"
and "mail" attributes for each user in a group.

I've put together a routine that works after studying several examples
online and a lot of trial and error, but I'm no PHP expert. It seems
like there's more work going on here than is necessary.

My code retrieves the DN for each user in the group, then runs another
query for each DN to get the values for displayName and mail. Is
there a more elegant solution?

Ultimately, I'm using this code to populate a dropdown field on a
webform so a user can select a username to send an email message to
without exposing all the users' email addresses.

My code's listed below.


Brent Gardner


echo "<html>\n\n";
echo " <body>\n\n";

// connect to ldap server (2003 AD on local machine)
$ds = ldap_connect("ldap://") or die (" Could not
connect to AD.<br>\n\n");

if ($ds) {

// set some connection options
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION,3) or die
(" Could not set protocol version.<br>\n\n");
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS,0) or die
(" Could not set option referrals.<br>\n\n");

// This is the user account to use to connect to Active Directory.
// 2003 AD does not allow anonymous binds.
$username = "ldapqueryuser(a)example.local";
$password = "notreallythepassword";

// bind to AD
$ldapbind = ldap_bind($ds, $username, $password) or die ("
Could not bind to AD.<br>\n\n");

if ($ldapbind) {

echo " LDAP bind successful...<br><br>\n\n";

// Get the list of users that are in a groiup named 'Example'.
// This set of commands produces a list of full DNs for
the users in the
// Example group and stores the list in $Values.
$dn = "ou=TestOU,ou=Users,dc=example,dc=local";
$sr = ldap_search($ds, $dn, "cn=Example");
$Entry = ldap_first_entry($ds, $sr);
$Values = ldap_get_values($ds, $Entry, "member");

if ($Values["count"] > 0) {

// Get the displayname and email address for the users
that are in the
// Example group.
// The data is put into an array called $Users.
// The format of the array is:
// $Users[index] = value
// where the index is the user's display name and the
value is the email
// address.
$Users = array();

for ($i=0; $i<$Values["count"]; $i++) {

$UserSR = ldap_read($ds, $Values[$i],
"(&(objectClass=*))", array("displayname", "mail"));
$UserValues = ldap_get_entries($ds, $UserSR);

$Users[$UserValues[0]["displayname"][0]] =


// sort the list by the index, which is the displayname

echo " Users:<br>\n\n";
echo " <table>\n\n";

// list the users and their email addresses
// This runs through the array, producing the values
of the array in pairs.
// The pairs are produced in order, from the beginning
of the array to the
// end of the array. Since the array was sorted using
ksort above, the index
// values of the array should be in alphabetical order.
// As the loop runs through the array, the index
value, which is the displayname
// will be placed in $UserDisplayName and the email
address will be placed in
// $UserMail.
foreach ($Users as $UserDisplayName => $UserMail) {

echo " <tr>\n";

echo " <td>";
echo $UserDisplayName; // displays the
user's displayname
echo "</td>\n";

echo " <td>";
echo $Users[$UserDisplayName]; // displays the
user's email address
echo "</td>\n";

echo " </tr>\n\n";


echo " </table><br>\n\n";

} else {

echo " No data returned.<br>\n\n";





echo " </body>\n\n";
echo "</html>\n";