PHP LDAP: get user attributes, including associated groups
What is the best way, using LDAP/PHP, to run a search on the current user to retrieve all attributes, including the associated groups in Active Directory? For attributes, mainly first name, last name and display name. For associated groups, only the groups the user is a member of, such as the memberOf function. I have tried a few options but can't seem to get the right filter/search combination, and most examples deal with retrieving a list of users for a known group. I tried running this after a successful bind:
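// Attributes to return for the matching entry.
$attributes = array("displayname");
// Escape the user-supplied value so it cannot change the meaning of the filter.
$filter = "(&(sAMAccountName=" . ldap_escape($username, "", LDAP_ESCAPE_FILTER) . "))";
$result = ldap_search($ds, $ldapconfig['basedn'], $filter, $attributes);
// ldap_search() returns false on failure; only read entries from a valid result.
$entries = ($result !== false) ? ldap_get_entries($ds, $result) : array("count" => 0);
if($entries["count"] > 0){
    // Directory values are data, not markup: escape them before output.
    echo "displayName: ".htmlspecialchars($entries[0]['displayname'][0])."<br/>";
} else {
    echo("msg:'".htmlspecialchars(ldap_error($ds))."'<br/>");
}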
Here is a script we use to dump AD information; it may help you:
<?php
// LDAP_HOSTNAME and LDAP_DOMAIN are assumed to be defined elsewhere (e.g. in a config file).
$ldap_columns = NULL;
$ldap_connection = NULL;
$ldap_password = 'top_secret_password';
$ldap_username = 'top_secret_username@'.LDAP_DOMAIN;
//------------------------------------------------------------------------------
// Connect to the LDAP server.
//------------------------------------------------------------------------------
$ldap_connection = ldap_connect(LDAP_HOSTNAME);
if (FALSE === $ldap_connection){
    die("<p>Failed to connect to the LDAP server: ". LDAP_HOSTNAME ."</p>");
}
ldap_set_option($ldap_connection, LDAP_OPT_PROTOCOL_VERSION, 3) or die('Unable to set LDAP protocol version');
ldap_set_option($ldap_connection, LDAP_OPT_REFERRALS, 0); // We need this for doing an LDAP search.
if (TRUE !== ldap_bind($ldap_connection, $ldap_username, $ldap_password)){
    die('<p>Failed to bind to LDAP server.</p>');
}
//------------------------------------------------------------------------------
// Get a list of all Active Directory users.
//------------------------------------------------------------------------------
$ldap_base_dn = 'DC=xyz,DC=local';
$search_filter = "(&(objectCategory=person))";
// No attribute list is passed, so every readable attribute is returned.
$result = ldap_search($ldap_connection, $ldap_base_dn, $search_filter);
if (FALSE !== $result){
    $entries = ldap_get_entries($ldap_connection, $result);
    if ($entries['count'] > 0){
        // Each entry alternates "name => values" and "index => name";
        // keep the attribute names of the first entry as table columns.
        $odd = 0;
        foreach ($entries[0] AS $key => $value){
            // 'count' also lands on an even position but is not an attribute.
            if (0 === $odd%2 && 'count' !== $key){
                $ldap_columns[] = $key;
            }
            $odd++;
        }
        echo '<table class="data">';
        echo '<tr>';
        $header_count = 0;
        foreach ($ldap_columns AS $col_name){
            if (0 === $header_count++){
                echo '<th class="ul">';
            }else if (count($ldap_columns) === $header_count){
                echo '<th class="ur">';
            }else{
                echo '<th class="u">';
            }
            echo htmlspecialchars($col_name) .'</th>';
        }
        echo '</tr>';
        for ($i = 0; $i < $entries['count']; $i++){
            echo '<tr>';
            $td_count = 0;
            foreach ($ldap_columns AS $col_name){
                if (0 === $td_count++){
                    echo '<td class="l">';
                }else{
                    echo '<td>';
                }
                if (isset($entries[$i][$col_name])){
                    $output = NULL;
                    if ('lastlogon' === $col_name || 'lastlogontimestamp' === $col_name){
                        // Windows FILETIME (100 ns ticks since 1601) converted to Unix time.
                        $output = date('D M d, Y @ H:i:s', ($entries[$i][$col_name][0] / 10000000) - 11676009600); // See note below
                    }else{
                        $output = $entries[$i][$col_name][0];
                    }
                    // Escape directory data before writing it into the page.
                    echo htmlspecialchars($output, ENT_QUOTES | ENT_SUBSTITUTE);
                }
                // Close the cell even when the entry lacks this attribute.
                echo '</td>';
            }
            echo '</tr>';
        }
        echo '</table>';
    }
}
ldap_unbind($ldap_connection); // Clean up after ourselves.
?>
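A user suggested using 116444473600 instead of 1167609600. I can confirm that 116444473600 is correct in a Linux environment - I guess inventor96 is in a Windows environment.

Thanks for your comment. I have edited the original question with a solution I tried, which runs a search for the display name attribute where sAMAccountName equals the current user. It returned a "No such object" error.

Actually, what you are doing is omitting the fourth parameter of ldap_search ($attributes) so that all attributes are returned. You may want to add this to your answer to explain how to get the data needed for dumping/debugging.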
(
    [count] => 1
    [0] => Array
        (
            [cn] => Array ( [count] => 1 [0] => George )
            [0] => cn
            [givenname] => Array ( [count] => 1 [0] => George )
            [1] => givenname
            [memberof] => Array
                (
                    [count] => 4
                    [0] => CN=EQCStaff,CN=Users,DC=EQC,DC=local
                    [1] => CN=RDS Users,OU=Security Groups,OU=Service,DC=EQC,DC=local
                    [2] => CN=SFTP Client Folders,OU=Security Groups,OU=Service,DC=EQC,DC=local
                    [3] => CN=EQC Staff,OU=Security Groups,OU=Service,DC=EQC,DC=local
                )
            [2] => memberof
            [samaccountname] => Array ( [count] => 1 [0] => gortiz )
            [3] => samaccountname
            [mail] => Array ( [count] => 1 [0] => user@domain.com )
            [4] => mail
            [count] => 5
            [dn] => CN=George,OU=Users,OU=Accounts,DC=EQC,DC=local
        )
)
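An added example (not code from the original posts) of a targeted lookup for the case in the question: it escapes the login name in the filter, requests only givenName, sn, displayName and memberOf, and reduces the ldap_get_entries() array to plain values and group names. The function names `findUser()` and `summarizeEntry()`, the bound connection `$ds` and `$baseDn` are assumptions, and the sample entry is constructed from the dump above.

```php
<?php
// Added example: findUser() and summarizeEntry() are hypothetical helper names.
// $ds is assumed to be an already-bound LDAP connection, $baseDn a valid search base.
function findUser($ds, string $baseDn, string $username): ?array
{
    // Escape the login so characters such as * ( ) \ cannot rewrite the filter.
    $filter = '(&(objectCategory=person)(sAMAccountName='
            . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . '))';
    // Ask only for what is needed; memberOf carries the DNs of the user's groups.
    $attrs  = ['givenName', 'sn', 'displayName', 'memberOf'];
    $result = ldap_search($ds, $baseDn, $filter, $attrs);
    if ($result === false) {
        return null;
    }
    $entries = ldap_get_entries($ds, $result);
    // Exactly one match is expected; anything else is treated as "not found".
    return $entries['count'] === 1 ? summarizeEntry($entries[0]) : null;
}

function summarizeEntry(array $entry): array
{
    // ldap_get_entries() lowercases attribute names and adds 'count' keys.
    $first = fn(string $a) => $entry[$a][0] ?? null;
    $groups = [];
    $memberOf = $entry['memberof'] ?? [];
    unset($memberOf['count']);
    foreach ($memberOf as $groupDn) {
        // with_attrib=1 returns RDN values only; element 0 is the group's CN.
        $parts = ldap_explode_dn($groupDn, 1);
        $groups[] = $parts !== false ? $parts[0] : $groupDn;
    }
    return ['dn' => $entry['dn'], 'givenName' => $first('givenname'),
            'sn' => $first('sn'), 'displayName' => $first('displayname'),
            'groups' => $groups];
}

// Constructed sample in the shape ldap_get_entries() returns (values from the dump above).
$sample = [
    'givenname' => ['count' => 1, 0 => 'George'], 0 => 'givenname',
    'memberof'  => ['count' => 2,
        0 => 'CN=EQCStaff,CN=Users,DC=EQC,DC=local',
        1 => 'CN=RDS Users,OU=Security Groups,OU=Service,DC=EQC,DC=local'],
    1 => 'memberof', 'count' => 2,
    'dn' => 'CN=George,OU=Users,OU=Accounts,DC=EQC,DC=local',
];
print_r(summarizeEntry($sample)); // groups: EQCStaff, RDS Users
```

memberOf lists direct memberships only: the user's primary group and groups reached through nesting do not appear in it, which matters if the result feeds an authorization decision.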