Implement User class based on LDAP

I want to create a Yii2 Application for use in my companies intranet. I have access to the NT-username of the client with $_SERVER[‘REMOTE_USER’]. This name I can use to query the active directory for more information (full name, department, etc.). I want to create my own user class, that is populated with this information and more. I want to access it through Yii::$app->user. The code to query the active directory is available and working.

I had a look at the default implementation and I am not sure if implementing \yii\web\IdentityInterface is suitable in this case.

Can you guide me in the right direction?


I had a similar project a while back…

Not sure if this is suitable for you,

but my solution was something like this:

  1. Create a MySQL user table which holds everything you want to have from the user.

  2. Authenticate against LDAP

  3. On successfull auth => write / update all needed information of the user in your MySQL DB.

  4. Use Yii "standard" build-in UserIdentity / Components…

Since everything you need is in your MySQL DB.

For me - this had following advantages:

  1. You basically only have to modify the login.

  2. You can code a "fallback" like:

If LDAP is not reachable => And current user profile is not older than XY,

authenticate against the MySQL copy of the login.


Thank you for your answer.

How does

work in your case?

The user shouldn’t need to do anything since he should automatically be logged-in. If (for some reason) the user does not exist in the active directory an error page should be shown.

Can you show some example code for me to better understand this?


In my case I had no "autologin"…

The user still needed to authenticate at least once per week with his AD user & password to update the local "MySQL-Mirror"…

Not sure if this is suitable in bigger environments,

but on my end I had no problems so far.

I used a adLDAP class…

Read my post in this thread regarding more info:

Here is some very basic example code:

use adLDAP\adLDAP;


$options = [

    'account_suffix' => "@mydomain.local",

    'domain_controllers' => [""],

    'base_dn' => 'dc=mydomain,dc=local',

    'admin_username' => 'adAccount',

    'admin_password' => 'accountPassword',



try {

    $ad = new adLDAP($options);

    echo "Awesome, we're connected!";

} catch (adLDAPException $e) {

    echo $e;




echo "AUTH STATUS: ";

try {

    if($ad->authenticate('LDAP_username', 'hisPersonalPassword')){

        echo "OK!<br>";



        echo "FAILED!<br>";



catch (adLDAPException $e) {

    echo $e;




$info = $ad->user()->infoCollection('LDAP_username');

echo '<br>Login: '.$info->samaccountname;

echo '<br>Email: '.$info->mail;

echo '<br>Name: '.$info->displayName;

echo '<br>Tel.: '.$info->telephonenumber;

Best Regards

Thank you. I need to do all this automatically in the background. User should never see any username / password prompt. I just need some info on how to wire up the logic in the Yii2 framework. Maybe I should write my own component to handle this, not sure how this will affect any other base components of the framework.

But why do you need then login, if person is not supposed to enter login data?

I never said I needed a manual login. All this should be done automatically. I will probably try implementing a custom module in the next few days. I also might need to change AccessRule and AccessControl.