使用Zend_Ldap查询用户的所有组 [英] Query all groups of a user using Zend_Ldap
问题描述
由于我对ldap(开放目录)一点都不熟悉,而且我在了解如何实际查询特定用户的组时遇到了一些麻烦,因此我没有什么可展示的.使用Zend_Auth_Adapter_Ldap(),
I haven't really got much to show because I'm not overly familiar with ldap (Open Directory) at all and I'm having a bit of trouble understanding how to actually query the groups of a particular user. Using Zend_Auth_Adapter_Ldap(),
$ldap = array(
array('host' => 'od-master.foobar.net',
'baseDn' => 'cn=users,dc=foobar,dc=net',
'bindRequiresDn' => true,
'accountCanonicalForm' => 2));
$authAdapter = new Zend_Auth_Adapter_Ldap($ldap);
// Set the input credential values to authenticate against
$authAdapter->setIdentity($form->getValue('username'));
$authAdapter->setCredential($form->getValue('password'));
//etc
我的帐户已通过身份验证,但是现在我需要检索该用户所属的组的列表.我一般都不是不先尝试就寻求帮助的人,但我什至无法做到这一点.任何帮助,我们将不胜感激.
I have the account being authenticated, but now I need to retrieve a list of groups this user belongs to. I'm not generally one to ask for help without trying stuff first, but I can't even get to that point. Any help is greatly appreciated.
如果我的问题不太明显:如何查询特定用户的所有组?
In case my question wasn't obvious: how do you query all the groups of a particular user?
=====编辑=====
===== EDIT =====
根据给出的建议,这是我最近的尝试:
As per suggestions given, this was my latest attempt:
$attributes = array('memberOf'); //also tried member
$users = $ldapAdapter->search('cn=username', $ldapAdapter->getBaseDn(), Zend_Ldap::SEARCH_SCOPE_SUB, $attributes);
foreach ($users as $user) {
var_dump($user);
}
我也确实尝试在Zend_Ldap之外执行此操作,但未成功.
I did also try to do this outside of Zend_Ldap unsuccessfully.
$attributes = array('memberOf'); //also tried member
$result = ldap_search($ldapAdapter->getResource(), $baseDn, 'cn=username', $attributes);
$info = ldap_get_entries($ldapAdapter->getResource(), $result);
这将导致一个空数组.任何进一步的指示将不胜感激.
Which results in an empty array. Any further direction would be greatly appreciated.
=====编辑2 =====
===== EDIT 2 =====
因此,我尝试完全删除Zend_Ldap,以便可以更轻松地进行测试,这就是我最终得到的结果,该结果返回array('count'=> 0).
So I tried to completely remove Zend_Ldap so I can test things easier, here is what I ended up with which results in array('count' => 0) returned.
$resource = ldap_connect('od-master.foobar.net', 389);
ldap_set_option($resource, LDAP_OPT_PROTOCOL_VERSION, 3);
$bind = ldap_bind($resource, 'uid=johnc,cn=users,dc=foobar,dc=net', '***');
$result = ldap_search($resource, 'cn=users,dc=foobar,dc=net', '(cn=username)');
$info = ldap_get_entries($resource, $result);
推荐答案
您只需添加以cn=username之类的过滤器对名为memberOf的属性进行点头cn=users,dc=foobar,dc=net的Ldap_Search.
You just add to make a Ldap_Search in nod cn=users,dc=foobar,dc=net with a filter like cn=username for an attribute called memberOf.
在LDAP中编写SEARCH时,您会给出:
When you write a SEARCH in LDAP you give :
- 开始搜索的地点的DN
- 您想要获取的属性
- 过滤器((&(cn = username))
- 搜索的深度,这里是子树(不是OneLevel,也不是基础)
这篇关于使用Zend_Ldap查询用户的所有组的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
