PHP: How to find the account suffix for LDAP
I am trying to set up bhLDAPAuthPlugin to authenticate against Active Directory. I am having trouble configuring the authentication settings.

In the adLDAP.php file, the following are the default settings:
class adLDAP {
// BEFORE YOU ASK A QUESTION, PLEASE READ THE DOCUMENTATION AND THE FAQ
// http://adldap.sourceforge.net/documentation.php
// http://adldap.sourceforge.net/faq.php
// You can set your default variables here, or when you invoke the class
var $_account_suffix="@mydomain.local";
var $_base_dn = "DC=mydomain,DC=local";
// An array of domain controllers. Specify multiple controllers if you
// would like the class to balance the LDAP queries amongst multiple servers
var $_domain_controllers = array ("dc01.mydomain.local");
// optional account with higher privileges for searching
// not really that optional because you can't query much as a user
var $_ad_username=NULL;
var $_ad_password=NULL;
// AD does not return the primary group. http://support.microsoft.com/?kbid=321360
// This tweak will resolve the real primary group, but may be resource intensive.
// Setting to false will fudge "Domain Users" and is much faster. Keep in mind though that if
// someone's primary group is NOT domain users, this is obviously going to bollocks the results
var $_real_primarygroup=true;
// Use SSL, your server needs to be setup, please see - http://adldap.sourceforge.net/ldap_ssl.php
var $_use_ssl=false;
// When querying group memberships, do it recursively
// eg. User Fred is a member of Group A, which is a member of Group B, which is a member of Group C
// user_ingroup("Fred","C") will returns true with this option turned on, false if turned off
var $_recursive_groups=false;
// You should not need to edit anything below this line
//******************************************************************************************
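This question may seem abstract, but how do I determine this information?
The plugin's documentation says that account_suffix should be the domain I am connecting to, but I have found other documentation that lists specific parameters such as the organization: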
account_suffix = "ou=People, o=domain.edu";
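How do I find which directory to use?

If you have access to Active Directory and permission to run Active Directory Users and Computers, you can work this out quite easily.

First, for backward-compatibility reasons, AD uses "domain" objects, which are dc= objects in LDAP. So the suffix is probably dc=domain,dc=com or something similar.

Your AD admin may have chosen to keep users in the default Users container, which is actually cn=users, not the ou=users you might expect.

Or they may have created a series of OUs for storing users. It is entirely up to them.

In ADUC, you can see the layout with the domain name at the very top as the root-most node. This will be domain.com or similar, which means dc=domain,dc=com at one end.

Then look around for where the users are stored (or at least the users you want to use this service), and add an OU=whatever to dc=domain,dc=com for each OU.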
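The mapping described above, as an added example that is not part of the original post or of adLDAP: it derives the two forms shown in the adLDAP defaults (`@mydomain.local` and `DC=mydomain,DC=local`) from a DNS domain name, and builds a container DN from a path read top-down in ADUC. The function names and the sample OU names are hypothetical; names are escaped so that a comma or similar character in an OU name cannot alter the DN structure.

```php
<?php
// Added example; function names are hypothetical. Needs ext-ldap for ldap_escape().

/** "mydomain.local" -> "DC=mydomain,DC=local" */
function baseDnFromDomain(string $dnsDomain): string
{
    $labels = array_filter(explode('.', trim($dnsDomain, '. ')), 'strlen');
    if (!$labels) {
        throw new InvalidArgumentException('Empty domain name');
    }
    return implode(',', array_map(
        fn($l) => 'DC=' . ldap_escape($l, '', LDAP_ESCAPE_DN),
        $labels
    ));
}

/** "mydomain.local" -> "@mydomain.local" (the form used for $_account_suffix) */
function accountSuffixFromDomain(string $dnsDomain): string
{
    return '@' . trim($dnsDomain, '. ');
}

/**
 * Build a container DN from the path as read top-down in ADUC.
 * Each step is [type, name], type being "OU" or "CN" (the default
 * Users container is CN=Users, not OU=Users).
 */
function containerDn(array $aducPath, string $baseDn): string
{
    $rdns = [];
    foreach ($aducPath as [$type, $name]) {
        $type = strtoupper($type);
        if ($type !== 'OU' && $type !== 'CN') {
            throw new InvalidArgumentException("Unsupported RDN type: $type");
        }
        // Escape names so a comma or plus sign cannot change the DN structure.
        $rdns[] = $type . '=' . ldap_escape($name, '', LDAP_ESCAPE_DN);
    }
    // A DN is written leaf-first, so reverse the top-down ADUC order.
    return implode(',', array_merge(array_reverse($rdns), [$baseDn]));
}

$domain = 'mydomain.local';                       // constructed sample
$base   = baseDnFromDomain($domain);
echo accountSuffixFromDomain($domain), PHP_EOL;
echo $base, PHP_EOL;
echo containerDn([['CN', 'Users']], $base), PHP_EOL;
echo containerDn([['OU', 'Staff'], ['OU', 'Sales, EMEA']], $base), PHP_EOL;
```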