What are the best practices for integrating LDAP authentication with PHP for Windows user verification?

Integrating LDAP authentication with PHP for Windows user verification involves connecting to an LDAP server, binding with a user's credentials, and then searching for the user in the directory. It is essential to securely handle user input and properly configure the LDAP connection settings to ensure a successful authentication process.

<?php
$ldapserver = 'ldap://your_ldap_server';
$ldapuser = 'domain\username'; // Windows user
$ldappass = 'password';
$ldaptree = 'OU=Users,DC=example,DC=com'; // LDAP path to user container

$ldapconn = ldap_connect($ldapserver) or die("Could not connect to LDAP server.");
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);

if ($ldapconn) {
    $ldapbind = ldap_bind($ldapconn, $ldapuser, $ldappass);

    if ($ldapbind) {
        $result = ldap_search($ldapconn, $ldaptree, "(sAMAccountName=your_windows_username)");
        $info = ldap_get_entries($ldapconn, $result);

        if ($info['count'] > 0) {
            echo "User authenticated successfully.";
        } else {
            echo "User not found in LDAP directory.";
        }
    } else {
        echo "LDAP bind failed.";
    }
} else {
    echo "LDAP connection failed.";
}

ldap_close($ldapconn);
?>