AD LDS to the rescue!
I was trying to find an LDAP server where I could authenticate a user using an email address, as Active Directory allows you to (using the UPN).
I tried many, but they failed to do what I wanted easily.
I then tried a Google Search for "Active Directory Emulator". Voila!
Active Directory Lightweight Directory Services (AD LDS), formerly known as ADAM (Active Directory Application Mode), came up.
Microsoft says that "Microsoft Active Directory Lightweight Directory Services (AD LDS) is an independent mode of Active Directory that provides dedicated directory services for applications."
I run Windows 8.1 now and thought that I would need to fudge an install to get it to work. How wrong I was!
Windows 7
You will need to download the AD LDS install from the Microsoft site. Once downloaded, run it and click on Next Next Next... you know the drill.
Link: Active Directory Lightweight Directory Services for Windows 7
Windows 8.1
Do a Windows search for "Add or Remove Programs" (it opens Programs and Features) and select "Turn Windows features on or off". You will see "Active Directory Lightweight Directory Services" listed; tick it. The same feature can be enabled from an elevated command prompt with dism /online /Enable-Feature /FeatureName:DirectoryServices-ADAM-Client.
Once it installs, search for "Administrative Tools". Now run the "Active Directory Lightweight Directory Services Setup Wizard".
This article guides you through setting up an 'instance'.
Link: Technet - Create a New AD LDS Instance
Once done, you will find a new Windows service whose display name is the instance name you typed (the service itself is registered as ADAM_<Instance Name>).
You can then connect to and edit the directory using "ADSI Edit", which can be found in "Administrative Tools".
Important Note: user accounts created with ADSI Edit are DISABLED by default. Edit the properties of the user object, find "msDS-UserAccountDisabled" and set it to FALSE. Also give the user a "userPrincipalName" (for example ldapproxy@blah.com); that is the value a UPN-style bind uses, and it must be unique in the instance. Be aware that AD LDS refuses simple binds over an unencrypted connection by default (the RequireSecureSimpleBind setting), so the bind test has to go over SSL, which is set up below.
Create a Partition
Link: Create an Application Directory Partition
SSL
By default AD LDS rejects simple binds over an unencrypted connection, so the instance needs a certificate before the authentication test below will work.
Create a self-signed certificate using Internet Information Services (local install). IIS issues it to the computer's name, so connect with that name rather than 127.0.0.1 if you want the client to validate the certificate.
Export the certificate.
Start MMC --> add the Certificates snap-in, choosing "Service account" and the AD LDS instance service.
Expand the service account's Trusted Root Certification Authorities store.
Import the certificate.
Restart the AD LDS instance service so it picks up the certificate.
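The two manual steps above (creating an enabled user with a UPN, then checking that the UPN simple bind works over SSL) can be done from PowerShell with System.DirectoryServices.Protocols. The script below is an added example and is not from the original post. It assumes the instance listens on localhost:636 with the self-signed certificate just installed, that an application partition DC=blah,DC=com exists and MS-User.LDF was imported in the setup wizard (so the user class is available), that it runs as the Windows account that created the instance (its administrator), and that $thumbprint holds the thumbprint of the exported certificate; all of those are placeholders to change. Rather than switching certificate validation off, it pins the server certificate to that thumbprint.

```powershell
# Added example: create an AD LDS user that can bind with its UPN, then test the bind over LDAPS.
# Assumed values (change to match your instance):
#   - instance on localhost:636 using the exported self-signed certificate
#   - application partition DC=blah,DC=com, MS-User.LDF imported during setup
#   - run as the Windows account that created the instance (the AD LDS administrator)
Add-Type -AssemblyName System.DirectoryServices.Protocols

$partition  = 'DC=blah,DC=com'                              # assumed partition DN
$thumbprint = '0000000000000000000000000000000000000000'     # assumed: thumbprint of the exported .cer
$upn        = 'ldapproxy@blah.com'
$password   = 'Sup3r-Secret!'                               # must satisfy the instance's password policy
$userDn     = "CN=ldapproxy,$partition"

$identifier = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier('localhost', 636)

# Pin the server certificate instead of disabling validation: accept only the
# certificate we exported, regardless of the name it was issued to.
$pin = { param($connection, $certificate)
    $certificate.GetCertHashString() -eq $thumbprint }.GetNewClosure()

function New-LdapsConnection {
    $c = New-Object System.DirectoryServices.Protocols.LdapConnection($identifier)
    $c.SessionOptions.SecureSocketLayer       = $true
    $c.SessionOptions.ProtocolVersion         = 3
    $c.SessionOptions.VerifyServerCertificate = $pin
    return $c
}

function Add-Attr($request, $name, $value) {
    $attr = New-Object System.DirectoryServices.Protocols.DirectoryAttribute($name, $value)
    $null = $request.Attributes.Add($attr)
}

# 1. Bind as the instance administrator with the current Windows credentials.
$admin = New-LdapsConnection
$admin.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
$admin.Bind()

# 2. Create the user. unicodePwd is the password wrapped in double quotes, UTF-16LE.
#    ADSI Edit creates users disabled; setting msDS-UserAccountDisabled to FALSE
#    at creation time removes that extra step.
$add = New-Object System.DirectoryServices.Protocols.AddRequest($userDn, 'user')
Add-Attr $add 'userPrincipalName'        $upn
Add-Attr $add 'unicodePwd'               ([System.Text.Encoding]::Unicode.GetBytes('"' + $password + '"'))
Add-Attr $add 'msDS-UserAccountDisabled' 'FALSE'
$null = $admin.SendRequest($add)
$admin.Dispose()

# 3. Simple bind as the new user over LDAPS, which is what the PHP test does.
#    AD LDS would reject this same bind on port 389 (RequireSecureSimpleBind).
$test = New-LdapsConnection
$test.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Basic
$test.Credential = New-Object System.Net.NetworkCredential($upn, $password)
try {
    $test.Bind()
    "simple bind OK as $upn"
} catch {
    # For an LdapException, ServerErrorMessage carries the AD-style reason ("data NNN" sub-code)
    "bind failed: $($_.Exception.Message) :: $($_.Exception.ServerErrorMessage)"
} finally {
    $test.Dispose()
}
```

The thumbprint of the IIS self-signed certificate can be read with Get-ChildItem Cert:\LocalMachine\My. If the instance runs under an account that is not the AD LDS administrator, step 2 fails with an insufficient-rights error rather than creating the user.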
Here is some PHP code that can be used to test authenticating.
<?php
// Test a simple bind against the AD LDS instance over LDAPS (port 636).
$ldap_server = "ldaps://127.0.0.1:636";
$ldap_user   = "ldapproxy@blah.com";   // the user's userPrincipalName
$ldap_pass   = "password";

// Newer PHP versions define this constant; older ones need it for the diagnostics below.
if (!defined("LDAP_OPT_DIAGNOSTIC_MESSAGE"))
{
    define("LDAP_OPT_DIAGNOSTIC_MESSAGE", 0x0032);
}

// The OpenLDAP client reads TLS settings from LDAPTLS_* environment variables
// (TLS_REQCERT without the prefix is the ldap.conf spelling and is ignored here).
// "never" switches certificate checking off entirely; it is the only way a self-signed
// certificate issued to the machine name is accepted at 127.0.0.1, so keep it to the
// test box. Setting LDAPTLS_CACERT to the exported certificate (Base-64 form) keeps checking on.
putenv("LDAPTLS_REQCERT=never");

// ldap_connect() only parses the URL; nothing is sent until the bind.
$handle = ldap_connect($ldap_server);
if (!$handle)
{
    die("bad LDAP URL<br>");
}
ldap_set_option($handle, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($handle, LDAP_OPT_REFERRALS, 0);   // do not chase AD-style referrals

// The TLS handshake and the simple bind happen here.
$bound = @ldap_bind($handle, $ldap_user, $ldap_pass);
var_dump($bound);
if (!$bound)
{
    echo ldap_error($handle), "<br>";
    // AD LDS puts the detailed reason (the "data NNN" sub-code) in the diagnostic message.
    ldap_get_option($handle, LDAP_OPT_DIAGNOSTIC_MESSAGE, $extended_error);
    if (!empty($extended_error))
    {
        var_dump($extended_error);
    }
}
ldap_unbind($handle);