从PHP中的openLDAP获取所有可能的属性和所有objectClasses [英] Get all possible attributes and all objectClasses from openLDAP in PHP

问题描述

我必须用PHP编写LDAP编辑器. LDAP用于存储网络设备(交换机，AP等).因此，这不是正常的功能，我发现了很多问题.最大的问题是:

I have to write LDAP editor in PHP. LDAP is used for store network devices (switch,AP,..). So, it is not normal functionality and I found lot of problems. The biggest problem is:

是否可以从数据库中读取所有objectClasses以及给定objectClass的所有属性?

Is possible to read all objectClasses from database and all attributes for given objectClass?

感谢所有回复！！ 阿贾克斯

Thanks for all replies!! Ajax

推荐答案

为什么不呢?

每个服务器将有一个子模式条目，其中包含所有对象类和属性类型. (包括广告)

There will be a subschema entry per server which comprises all the objectclasses and attributetypes. (including AD)

但是子模式条目dn在每个实现中可能有所不同，可以从rootDSE属性"subschemasubentry"中查找

But the subschema entry dn may be different in each implementation, this can be looked up from rootDSE attribute "subschemasubentry"

-AD example-
ldapsearch -s base -b "" -D cn=Administrator,cn=users,dc=domain,dc=com -w 'password' -x -h 192.168.3.10 objectClass=* subschemasubentry

**OUTPUT:**
dn:
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=domain,DC=com


-OpenLdap example-
ldapsearch -s base -b "" -D cn=Administrator,dc=capua,dc=com -w password -x -h 192.168.3.11 subschemaSubentry 

**OUTPUT:**
#
dn:
objectClass: top
objectClass: OpenLDAProotDSE
subschemaSubentry: cn=Subschema

此外，请注意搜索范围.它应该是BASE_LEVEL，否则它不会返回任何结果.

Also, note the search scope. It should be BASE_LEVEL, otherwise it wont return any result.

在此搜索之后，子模式中将找到对象类和属性类型.

After this search the subschema for objectclasses and attributetypes.

ldapsearch -s base -b "cn=subschema" -D cn=Administrator,dc=capua,dc=com -w password -x -h 192.168.3.11  objectclass=subschema objectclasses attributetypes

这将以字符串形式返回所有对象类和属性类型.您没有查询给定对象类的属性列表的选项.您只能获取所有存储的objetclass和属性的ldif输出.如果可行，您可能可以编写一个解析器或创建一些ldif对象.但是，如果是它的广告，则直接查询cn = Schema，cn = configuration可能会缺乏灵活性.

This will return all the objectclasses and attributetypes as string. You dont have an option of querying list of attribute of a given objectclass. You can ONLY get the ldif output of all stored objetclass and attribute. Probably you can write a parser or create some ldif object if that works. But if its AD you might have little flexibility by directly querying cn=Schema,cn=configuration.

看看php代码.假设$ ld已连接.某些目录服务器允许在子模式上进行匿名读取，在这种情况下，您无需绑定.

Have a look at the php code. Assuming $ld is connected. Some directory server allows anonymous read on the subschema, in which case you dont need to bind.

  //Get the subschema dn from rootDSE
  $search = ldap_read($ld, "", "objectclass=*", array('*', 'subschemasubentry'));
  $entries = ldap_get_entries($ld, $search);
  $schemadn = $entries[0]["subschemasubentry"][0];

  print "Searching ". $schemadn . "<br/>";

  // Read all objectclass, attributetype from subschema
  $schsearch = ldap_read($ld, $schemadn, "objectClass=subSchema", array('objectclasses', 'attributetypes'));
  $schentries = ldap_get_entries($ld, $schsearch);

  $count = $schentries[0]["attributetypes"]["count"];

  print "Printing all attribute types <br/>";
  for ($i=0; $i<$count; $i++)
     print $schentries[0]["attributetypes"][$i] . "<br/>";


  $count = $schentries[0]["objectclasses"]["count"];

  print "Printing all objectclasses <br/>";
  for ($i=0; $i<$count; $i++)
     print $schentries[0]["objectclasses"][$i] . "<br/>";

这篇关于从PHP中的openLDAP获取所有可能的属性和所有objectClasses的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！