Authenticating users from a certain group ldap active directory
Problem description
I want only a (faculty) group of users to be able to access a certain web page on my website.
This page is only meant to be seen by faculty.
Within active directory, we have a group called "faculty".
Here is a snippet of code I have to authenticate users via ldap/active directory, but I want to only authenticate users that are within the faculty group.
$ldap = ldap_connect("ldap.domain.com");
if ($bind = ldap_bind($ldap, $_POST['username'], $_POST['password'])) {
    // log them in!
} else {
    // error message
}
AD stores the Member list on Groups, not the Group Membership on users, so you would have to retrieve the cn=faculty,ou=whatever,dc=acme,dc=com object's Member list, and see if this user is listed. If they are, then let them try and bind, and if it succeeds, continue.
I would test for the group membership before testing the bind, since a bind is usually more expensive than a query.
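The flow described in the answer (check the group's member list first, then bind as the user), written out as an added example that is not code from the question or the answer. The ldaps URI, base DN, lookup account and the sAMAccountName lookup are assumptions; the host and group DN are the ones quoted on this page.

```php
<?php
// Added example: values marked "assumed" or "placeholder" are not from the post.
const LDAP_URI   = 'ldaps://ldap.domain.com';               // host from the question; ldaps assumed
const GROUP_DN   = 'cn=faculty,ou=whatever,dc=acme,dc=com'; // group DN from the answer
const BASE_DN    = 'dc=acme,dc=com';                        // assumed search base
const SVC_DN     = 'cn=svc-web,ou=whatever,dc=acme,dc=com'; // hypothetical lookup account
const SVC_SECRET = 'CHANGE_ME';                             // placeholder

function faculty_login(string $username, string $password): bool
{
    // An empty password turns a simple bind into an unauthenticated bind,
    // which a server may report as success. Reject it up front.
    if ($username === '' || $password === '') {
        return false;
    }
    $ldap = ldap_connect(LDAP_URI);
    if ($ldap === false) { return false; }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

    // 1. Bind as the lookup account so the directory can be queried.
    if (!@ldap_bind($ldap, SVC_DN, SVC_SECRET)) { return false; }

    // 2. Resolve the login name to a DN; escape it so it cannot alter the filter.
    $filter = '(sAMAccountName=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';
    $res    = @ldap_search($ldap, BASE_DN, $filter, ['dn']);
    $users  = $res ? ldap_get_entries($ldap, $res) : ['count' => 0];
    if ($users['count'] !== 1) { return false; }
    $userDn = $users[0]['dn'];

    // 3. Read the group's member list and look for the user's DN (case-insensitive).
    $res     = @ldap_read($ldap, GROUP_DN, '(objectClass=*)', ['member']);
    $group   = $res ? ldap_get_entries($ldap, $res) : ['count' => 0];
    $members = $group[0]['member'] ?? [];
    unset($members['count']);
    if (!in_array(strtolower($userDn), array_map('strtolower', $members), true)) {
        return false;
    }

    // 4. Only now verify the password by binding as the user.
    $ok = @ldap_bind($ldap, $userDn, $password);
    ldap_unbind($ldap);
    return $ok;
}
```

This checks direct membership only; users who belong to faculty through a nested group do not appear in the group's own member list.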