PHP LDAP Get User Attributes, Including Associated Groups

Problem description

What is the best way to run a search on the current user to retrieve all attributes, including associated groups in Active Directory using LDAP / PHP?

For attributes, mainly just first name, last name, and display name.

For associated groups, just the groups the user is a member of, such as the memberOf function.

I've tried a few options, but can't seem to get the right filter / search combination and most examples cover retrieving lists of users where there's a known group.

I've tried running this after a successful bind:

$attributes = array("displayname");
$filter = "(&(sAMAccountName=$username))";
$result = ldap_search($ds, $ldapconfig['basedn'], $filter, $attributes);
$entries = ldap_get_entries($ds, $result);
if($entries["count"] > 0){
  echo "displayName: ".$entries[0]['displayname'][0]."<br/>";
 } else {
 echo("msg:'".ldap_error($ds)."'</br>");
 }

Which returns the following error: "No such object".

UPDATE:

This is the latest block I've tried and am able to get results when I print_r the $info variable, however the for clause is still erring out somewhere. I changed the basedn to just the dc attributes:

$filter="($SearchField=$SearchFor)";
$sr=ldap_search($ds, $basedn, $filter, $LDAPFieldsToFind);
$info = ldap_get_entries($ds, $sr);

if($info["count"] > 0) {
    for ($x=0; $x<$info["count"]; $x++) {
        $sam=$info[$x]['samaccountname'][0];
        $giv=$info[$x]['givenname'][0];
        $tel=$info[$x]['telephonenumber'][0];
        $email=$info[$x]['mail'][0];
        $nam=$info[$x]['cn'][0];
        $dir=$info[$x]['homedirectory'][0];
        $dir=strtolower($dir);
        $pos=strpos($dir,"home");
        $pos=$pos+5;
            if (stristr($sam, $SearchFor) && (strlen($dir) > 8)) {
              print "\nActive Directory says that:\n";
              print "CN is: ".$nam." \n";
              print "SAMAccountName is: ".$sam." \n";
              print "Given Name is: ".$giv." \n";
              print "Telephone is: ".$tel." \n";
              print "Home Directory is: ".$dir." \n";
            }   
    }
    }

The print_r of the results is:

(
    [count] => 1
    [0] => Array
        (
            [cn] => Array ( [count] => 1 [0] => George )
            [0] => cn
            [givenname] => Array ( [count] => 1 [0] => George )
            [1] => givenname
            [memberof] => Array
                (
                    [count] => 4
                    [0] => CN=EQCStaff,CN=Users,DC=EQC,DC=local
                    [1] => CN=RDS Users,OU=Security Groups,OU=Service,DC=EQC,DC=local
                    [2] => CN=SFTP Client Folders,OU=Security Groups,OU=Service,DC=EQC,DC=local
                    [3] => CN=EQC Staff,OU=Security Groups,OU=Service,DC=EQC,DC=local
                )
            [2] => memberof
            [samaccountname] => Array ( [count] => 1 [0] => gortiz )
            [3] => samaccountname
            [mail] => Array ( [count] => 1 [0] => user@domain.com )
            [4] => mail
            [count] => 5
            [dn] => CN=George,OU=Users,OU=Accounts,DC=EQC,DC=local
        )
)

Solution

Here's a script we have for dumping AD information, maybe it will help you:

<?php
$ldap_columns = NULL;
$ldap_connection = NULL;
$ldap_password = 'top_secret_password';
$ldap_username = 'top_secret_username@'.LDAP_DOMAIN;

//------------------------------------------------------------------------------
// Connect to the LDAP server.
//------------------------------------------------------------------------------
$ldap_connection = ldap_connect(LDAP_HOSTNAME);
if (FALSE === $ldap_connection){
    die("<p>Failed to connect to the LDAP server: ". LDAP_HOSTNAME ."</p>");
}

ldap_set_option($ldap_connection, LDAP_OPT_PROTOCOL_VERSION, 3) or die('Unable to set LDAP protocol version');
ldap_set_option($ldap_connection, LDAP_OPT_REFERRALS, 0); // We need this for doing an LDAP search.

if (TRUE !== ldap_bind($ldap_connection, $ldap_username, $ldap_password)){
    die('<p>Failed to bind to LDAP server.</p>');
}

//------------------------------------------------------------------------------
// Get a list of all Active Directory users.
//------------------------------------------------------------------------------
$ldap_base_dn = 'DC=xyz,DC=local';
$search_filter = "(&(objectCategory=person))";
$result = ldap_search($ldap_connection, $ldap_base_dn, $search_filter);
if (FALSE !== $result){
    $entries = ldap_get_entries($ldap_connection, $result);
    if ($entries['count'] > 0){
        $odd = 0;
        foreach ($entries[0] AS $key => $value){
            if (0 === $odd%2){
                $ldap_columns[] = $key;
            }
            $odd++;
        }
        echo '<table class="data">';
        echo '<tr>';
        $header_count = 0;
        foreach ($ldap_columns AS $col_name){
            if (0 === $header_count++){
                echo '<th class="ul">';
            }else if (count($ldap_columns) === $header_count){
                echo '<th class="ur">';
            }else{
                echo '<th class="u">';
            }
            echo $col_name .'</th>';
        }
        echo '</tr>';
        for ($i = 0; $i < $entries['count']; $i++){
            echo '<tr>';
            $td_count = 0;
            foreach ($ldap_columns AS $col_name){
                if (0 === $td_count++){
                    echo '<td class="l">';
                }else{
                    echo '<td>';
                }
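                $output = '';
                if (isset($entries[$i][$col_name][0])){
                    if ('lastlogon' === $col_name || 'lastlogontimestamp' === $col_name){
                        // AD timestamps count 100-ns intervals since 1601-01-01; 11644473600 s is the offset to the Unix epoch.
                        $output = date('D M d, Y @ H:i:s', (int)($entries[$i][$col_name][0] / 10000000) - 11644473600);
                    }else{
                        $output = $entries[$i][$col_name][0];
                    }
                }
                // Escape directory values before writing them into HTML, and close the cell even when the attribute is absent.
                echo htmlspecialchars((string)$output, ENT_QUOTES, 'UTF-8') .'</td>';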
            }
            echo '</tr>';
        }
        echo '</table>';
    }
}
ldap_unbind($ldap_connection); // Clean up after ourselves.
?>
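
A narrower lookup for the question's case, added here as an example (not code from the question or the answer): it escapes the username before placing it in the filter, requests only the name attributes and memberOf, and flattens the entry that comes back. The function names and the sample entry are constructed for illustration; `$ds` is assumed to be an already-bound connection and PHP's ldap extension is assumed to be loaded.

```php
<?php
// Added example. Function names are hypothetical; $ds is assumed to be a bound
// LDAP connection and the ldap extension must be loaded.

// Build the filter with the user-supplied name escaped, so characters such as
// * ( ) \ cannot change the meaning of the search.
function user_filter(string $username): string {
    return '(&(objectCategory=person)(sAMAccountName='
        . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . '))';
}

// Ask only for the attributes the question needs; memberOf carries group DNs.
function find_user($ds, string $baseDn, string $username): ?array {
    $attrs = ['givenName', 'sn', 'displayName', 'memberOf'];
    $sr = ldap_search($ds, $baseDn, user_filter($username), $attrs);
    $entries = ($sr === false) ? false : ldap_get_entries($ds, $sr);
    return ($entries && $entries['count'] === 1) ? $entries[0] : null;
}

// Flatten one ldap_get_entries() entry: keys arrive lowercased, every value
// list carries its own 'count' element, and absent attributes are missing.
function summarize_user(array $entry): array {
    $first = fn(string $k) => $entry[$k][0] ?? null;
    $groups = [];
    for ($i = 0; $i < ($entry['memberof']['count'] ?? 0); $i++) {
        $rdns = ldap_explode_dn($entry['memberof'][$i], 1); // 1 = values only
        $groups[] = $rdns ? $rdns[0] : $entry['memberof'][$i];
    }
    return ['first' => $first('givenname'), 'last' => $first('sn'),
            'display' => $first('displayname'), 'groups' => $groups];
}

// Constructed sample shaped like the print_r output in the question.
$sample = [
    'givenname' => ['count' => 1, 0 => 'George'], 0 => 'givenname',
    'memberof' => ['count' => 2,
        0 => 'CN=EQCStaff,CN=Users,DC=EQC,DC=local',
        1 => 'CN=RDS Users,OU=Security Groups,OU=Service,DC=EQC,DC=local'],
    1 => 'memberof', 'count' => 2,
    'dn' => 'CN=George,OU=Users,OU=Accounts,DC=EQC,DC=local',
];
print_r(summarize_user($sample));   // names and group CNs from the sample
echo user_filter('go*(test)'), "\n"; // wildcard and parentheses come out escaped
```

memberOf lists only direct memberships and omits the user's primary group (usually Domain Users), so nested groups need a separate query before the list is used for access decisions.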
