A Symfony-based REST API for managing users and groups via LDAP/Active Directory.
Features:
- Search users by `samAccountName` or `Email`
- Unlock, disable, and enable users
- Reset user passwords
- Add or remove users from groups
- List groups & display group members
- API documentation via Swagger UI
Note: LDAP and LDAPS (SSL) connections are dynamically controlled via the `.env` configuration.

Target audience:
- IT Administrators
- DevOps Teams
- Service Desk Integrations (e.g., Self-Service Password Reset)

Technologies:
- PHP 8.2
- Symfony 6.4
- Docker Compose
- NelmioApiDocBundle v5 (Swagger UI)

```
git clone https://github.com/YOUR_GITHUB_USER/ad-management-api.git
cd ad-management-api
```

```
docker compose up -d
```

- Symfony will be available at: http://localhost:8000
- Swagger UI will be available at: http://localhost:8000/api/doc

Create a `.env` and `.env.local` file inside the `app/` directory:

```
touch app/.env
nano app/.env.local
```

```
LDAP_HOST=ldaps://domain-constroller.my.domain
LDAP_PORT=636
LDAP_ENCRYPTION=ssl # valid: ssl / none
LDAP_IGNORE_CERT=0 # valid: 0 / 1
LDAP_BASE_DN=dc=my,dc=domain
LDAP_USER_DN=DomainUser/Admin@my.domain
LDAP_PASSWORD=YOUR_PASSWORD
APP_SECRET=YOUR_TOP_SECRET_APP_SECRET
```

Notes:
- Use `ldap://` and port `389` for unencrypted connections
- Use `ldaps://` and port `636` for SSL/TLS secured connections

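A pre-flight check for the settings above, as an added example that is not part of the project: it flags the unencrypted or unvalidated variants and leftover placeholders before the stack is started. `env_get` and `check_ldap_env` are hypothetical helper names, the keys and valid values are the ones shown in this README, and values are assumed to be unquoted.

```shell
#!/bin/sh
# Added example: lint the LDAP settings in app/.env.local (keys as listed in this README).

# env_get FILE KEY -> value with any trailing " # comment" and whitespace removed
env_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | sed 's/[[:space:]]#.*$//; s/[[:space:]]*$//'
}

# check_ldap_env FILE -> prints one WARN line per finding, returns 1 if there are any
check_ldap_env() {
    file=$1
    findings=0
    warn() { echo "WARN: $*"; findings=$((findings + 1)); }

    host=$(env_get "$file" LDAP_HOST)
    port=$(env_get "$file" LDAP_PORT)
    enc=$(env_get "$file" LDAP_ENCRYPTION)
    ignore=$(env_get "$file" LDAP_IGNORE_CERT)
    pass=$(env_get "$file" LDAP_PASSWORD)
    secret=$(env_get "$file" APP_SECRET)

    case $host in
        ldaps://*) [ "$port" = 636 ] || warn "ldaps:// host but LDAP_PORT=$port (expected 636)" ;;
        ldap://*)  warn "LDAP_HOST uses ldap://; bind password and resets travel unencrypted" ;;
        *)         warn "LDAP_HOST has no ldap:// or ldaps:// scheme" ;;
    esac
    [ "$enc" = ssl ] || warn "LDAP_ENCRYPTION=$enc (expected ssl)"
    [ "$ignore" = 0 ] || warn "LDAP_IGNORE_CERT=$ignore disables certificate validation"
    case $pass in ''|YOUR_PASSWORD) warn "LDAP_PASSWORD is empty or still the placeholder" ;; esac
    case $secret in ''|YOUR_TOP_SECRET_APP_SECRET) warn "APP_SECRET is empty or a placeholder" ;; esac

    [ "$findings" -eq 0 ]
}

# Constructed sample (not a real configuration): the unencrypted variant from the notes.
sample=$(mktemp)
printf '%s\n' 'LDAP_HOST=ldap://dc.example.test' 'LDAP_PORT=389' \
    'LDAP_ENCRYPTION=none # valid: ssl / none' 'LDAP_IGNORE_CERT=1 # valid: 0 / 1' \
    'LDAP_PASSWORD=YOUR_PASSWORD' 'APP_SECRET=YOUR_TOP_SECRET_APP_SECRET' > "$sample"
check_ldap_env "$sample" || echo "refusing to start: fix the findings above"
rm -f "$sample"
```

To gate startup on it, run `check_ldap_env app/.env.local && docker compose up -d`.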
Install dependencies (handled automatically by `init.sh` during Docker startup), or manually:

```
docker compose exec php composer install
```

All endpoints are documented in Swagger UI!

| Method | URL | Description |
|---|---|---|
| GET | `/api/user/search` | Search for users |
| POST | `/api/user/{samAccountName}/unlock` | Unlock a user |
| POST | `/api/user/{samAccountName}/disable` | Disable a user |
| POST | `/api/user/{samAccountName}/enable` | Enable a user |
| POST | `/api/user/{samAccountName}/reset-password` | Reset a user's password |
| GET | `/api/group/list` | List all groups |
| GET | `/api/group/{groupName}/members` | List members of a group |
| POST | `/api/group/{groupName}/add-user/{samAccountName}` | Add a user to a group |
| POST | `/api/group/{groupName}/remove-user/{samAccountName}` | Remove a user from a group |

- Secure LDAP login via LDAPS or StartTLS
- Proper error handling for LDAP operations
MIT License.
Developed with 💛 to automate Active Directory management.