Outlook 2010, Ms SharePoint and other systems use AD to store profile-images per user. This data is pretty much a pain to get to, mostly because of weirdness in the php-functions made for accessing LDAP. After spending quite some time, I managed to put together a working script that takes one parameter, sAMAccountName. Based on that alone, it fetches the image from the defined ldap server and displays it if availiable. If it’s not, the script streams noPic.jpg so you give aresponse on that as well.
<?php
$host = "some.ldap.server.domain.com";
$ldapUserDN = "CN=userAllowedSearching,CN=Users,DC=domain,DC=com";
$ldapPwd = "cleverPassword";
$base_dn = "dc=domain,dc=com";
$sAMAccountToFind = $_GET["user"];
$ds=ldap_connect($host);
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION,3);
ldap_set_option($ds, LDAP_OPT_REFERRALS,0);
$r=ldap_bind($ds, $ldapUserDN, $ldapPwd);
$sr=ldap_search($ds, $base_dn, "(sAMAccountname=".$sAMAccountToFind.")", array("jpegPhoto"));
if ($sr) {
$ei=ldap_first_entry($ds, $sr);
if ($ei) {
$info = ldap_get_values_len($ds, $ei, "jpegPhoto");
header("Content-type: image/jpeg");
if(!$info) $info = readfile("noPic.jpg");
}
echo $info[0];
}
ldap_unbind($ds);
?>