PHP : Microsoft Office 365 and Active Directory

Disclaimer: I am not the biggest fan of Microsoft.  On the contrary.  I keep running into situations, where Microsoft technologies are a constant source of pain.  If that annoys you, please stop reading this post now and go away.  I don’t care.  You’ve been warned.

A few recent projects that I’ve been working on in the office required integration with Microsoft Office 365.  Office 365 is a new kid on the block as far as I am concerned, so I had no experience of integrating with these services.

The first look at what needs to be done resulted in a heavy drinking session and a mild depression.  Here are a few links to get you started on that path, if you are interested:

We’ve discussed the options with the client and decided to go a different route – limit the integration to the single sign-on (SSO) only, and use their Active Directory server (I’m not sure about the exact setup on the client side, but I think they use Active Directory Federation Services to have a local server in the office synchronized with the Office 365 directory).

Exposing the Active Directory server to the entire Internet is not the smartest idea, so we had to wrap this all into a virtual private network (VPN).  You can read my blog post on how to setup the CentOS 7 server as an automated VPN client.

Once the Active Directory was established, PHP LDAP module was very useful for avoiding any low-level programming (sockets and such).  With a bit of Google searching and StackOverflow reading, we managed to figure out the magic combination of parameters for ldap_connect(), ldap_set_option(), and ldap_search().

It took longer than expected, but some of it was due to the non-standard configuration and permissions on the client side.  Anyways, it worked, which were the good news.

The client accepted the implementation and we could just close the chapter, have another drink, and forget about this nightmare.  But something was bothering me about it, so I was thinking the heavy thoughts at the back of my mind.

The things that bother me about this implementation are the following:

  • Although it works, it’s a rather raw implementation, with very limited flexibility (filters, multiple servers, etc).
  • The code is difficult to test, due to the specifics of the AD setup and the network access limitations.
  • There is a lack of elegance to the solution.  Working code is good, but I like things to be beautiful too.  As much as possible at least.

So, I was keeping an eye open and I think today I came across a couple of links that can help make things better:

  1. adLDAP PHP library, which provides LDAP authentication and integration with Active Directory.  I don’t know how I missed it so far, but I think now things will be much easier and cleaner.
  2. Search Filter Syntax documentation on MSDN.
  3. This Reddit thread.  Yes, a lot of the things I’ve learned today are linked from it.  But it’ll be much easier for me to find all this information in my own blog, next time I’ll have to deal with Microsoft again.
  4. Public-facing LDAP server thanks to Georgia Institute of Technology, for testing connection and simple queries.

Armed with this new knowledge, I’m sure the current working solution can be improved a lot – simplified with fewer lines of code, based on the much more robust and tested code base, and given a basic test script to make sure the code works somewhere else, outside of a particular client’s setup.

I wish I came across that all much earlier.


PHP 7.1.0 Released!

PHP 7.1.0 release is out, bringing quite a bit of new features and improvements.  Here are some of the new things:

I guess I’ll wait for Fedora 26 or something to get a silent upgrade. :)

Migrating to PHP 7

PHP 7.0.0 has been released for a year now.  I wasn’t in a rush to migrate to it, but with all the cool features and performance optimization, it’s definitely something I wanted to look into rather sooner than later.

It turns out that I’ve done my first PHP 7 migration a week ago, when I upgraded my laptop to Fedora 25.  Yup, that’s right.  It’s a bit embarrassing, but I have been developing on PHP 7 for a week without even noticing it.

$ php --version
PHP 7.0.13 (cli) (built: Nov 9 2016 07:29:28) ( NTS )
Copyright (c) 1997-2016 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2016 Zend Technologies
with Xdebug v2.4.1, Copyright (c) 2002-2016, by Derick Rethans

I think that was due to a few things:

  • It’s been quite a busy week, so my attention was all over the place.
  • PHP 7 backward compatibility is pretty awesome.  There are only a few things that need fixing in the older code bases, but if you haven’t been living under a rock for the last few years, you probably have nothing to change or worry about.
  • Most of the code I’m working on runs through TravisCI builds, which are executed on both PHP 5.6 and PHP 7.  Since we had this for a while now, most, if not all, of our code is PHP 7 compatible.

The absolute lack of any issues for the last week, related to this upgrade, is encouraging.  Now I will probably try to upgrade our servers sooner than later.

With that, I’ll go back to the wonderful and exciting world of PHP, leaving you to decide whether I’m very serious or very sarcastic…


runkit – changing the PHP internals on the fly

Here is something I didn’t know about until today – PHP’s runkit extension:

The runkit extension provides means to modify constants, user-defined functions, and user-defined classes. It also provides for custom superglobal variables and embeddable sub-interpreters via sandboxing.

This blog post – “Shimming PHP for Fun and Profit” – demonstrates how to use it with a case for a custom base64_decode() and unserialize() functions.  Here is the actual code on GitHub, which shows off how to use runkit_function_rename() and runkit_function_add().

This is not something one would use frequently, but might be an absolute life saver on a rainy day.

Deployer — Deployment tool for PHP


Deployer is yet another tool for deploying PHP projects.   It looks to have more similarities with Laravel Envoy and phake, than with, of which I am a new and growing fan.  But I thought I’d throw it into the mix here, just in case I’ll change my mind in the future.