尝试获取用户数据时LDAP上的搜索过滤器错误 [英] Bad search filter on LDAP when trying to get user data
问题描述
我在这里对LDAP十分了解,所以请让我知道我是否完全以错误的方式进行此操作.
I am fresh out of the box here with LDAP, so let me know if I am doing this in the completely wrong fashion.
我正在使用bhLDAPAuthPlugin插件使用Symfony 1.4
I am working with Symfony 1.4 using the bhLDAPAuthPlugin plugin
我正在验证使用LDAP的用户登录.但是,LDAP表中还有更多我想使用用户名查询的数据.因此,我正在编写此搜索功能以根据用户名过滤结果:
I am verifying user login with LDAP. However, there is more data in the LDAP table that I would like to query using the username. So I am writing this search function to filter results according to the username:
function user_values($username) {
if (!$username) {
die ("Username is not there man!");
}
if (!$this->_conn) {
die ("No Connection.");
}
if (!$this->_base_dn) {
die ("No Base.");
}
$filter="samaccountname=".$username;
$attributes_ad = array("name");
$result = ldap_search($this->_conn, $this->_base_dn, $filter, $attributes_ad)
or die ("Error in search query");
$entries = ldap_get_entries($this->_conn, $result);
return($entries);
}
我遇到了错误:
警告:ldap_search():搜索:/...搜索查询中的搜索过滤器错误
当我运行查询时.
前三个"if"只是为了确保我得到了正确的搜索参数.该条件在实际搜索中失败.
The first three "if's" are there just to assure I was getting the correct parameters for the search. The condition fails on the actual search.
有什么建议吗?
更新
用户名变量为jtesting
The username variable is jtesting
我将$ username从函数中拉出,然后将其放入搜索参数中.实际上是(jtesting).我将删除括号,然后看看是否可以解决该问题.
I pulled the $username from the function, before it gets put in the search parameter. It is actually (jtesting). I am going to remove the parenthesis, and see if that remedies the problem.
推荐答案
为了在过滤器的断言值中使用括号,必须对括号进行转义.声明值为samAccountName=(jtesting)
的搜索过滤器应编码为samAccountName=\28jtesting\29
.整个断言值可以括在不能转义的括号中,在这种情况下,过滤器变为(samAccountName=\28jtesting\29)
.
In order to use parentheses in the assertion value of a filter the parenthese must be escaped. A search filter where the assertion value is samAccountName=(jtesting)
should be encoded as samAccountName=\28jtesting\29
. The entire assertion value may be enclosed in parentheses which are not escaped, in which case the filter becomes (samAccountName=\28jtesting\29)
.
- LDAP: Search Filters
- String Representation of Search Filters
这篇关于尝试获取用户数据时LDAP上的搜索过滤器错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!