Active Directory和PHP web应用程序-获取显示名称等
我已经开发了一个基本的基于web的应用程序,它使用登录系统通过PHP连接到我们的Active Directory 它根据广告进行身份验证,并将用户登录到一个基本页面,该页面回显其用户名 我真正想要的不是重复他们的用户名,而是获取他们的广告名和姓氏或显示名 这是我必须对AD进行身份验证的代码Active Directory和PHP web应用程序-获取显示名称等,php,active-directory,ldap,Php,Active Directory,Ldap,我已经开发了一个基本的基于web的应用程序,它使用登录系统通过PHP连接到我们的Active Directory 它根据广告进行身份验证,并将用户登录到一个基本页面,该页面回显其用户名 我真正想要的不是重复他们的用户名,而是获取他们的广告名和姓氏或显示名 这是我必须对AD进行身份验证的代码 <?php // Initialize session session_start(); function authenticate($user, $password) { // Active
<?php
// Initialize session
session_start();
function authenticate($user, $password) {
// Active Directory server
$ldap_host = "...";
// Active Directory DN
$ldap_dn = "OU=...,DC=...,DC=...";
// Active Directory user group
$ldap_user_group = "...";
// Active Directory manager group
$ldap_manager_group = "...";
// Domain, for purposes of constructing $user
$ldap_usr_dom = "@...";
// connect to active directory
$ldap = ldap_connect($ldap_host);
// verify user and password
if($bind = @ldap_bind($ldap, $user . $ldap_usr_dom, $password)) {
// valid
// check presence in groups
$filter = "(sAMAccountName=" . $user . ")";
$attr = array("memberof");
$result = ldap_search($ldap, $ldap_dn, $filter, $attr) or exit("Unable to search LDAP server");
$entries = ldap_get_entries($ldap, $result);
ldap_unbind($ldap);
// check groups
foreach($entries[0]['memberof'] as $grps) {
// is manager, break loop
if (strpos($grps, $ldap_manager_group)) { $access = 2; break; }
// is user
if (strpos($grps, $ldap_user_group)) $access = 1;
}
if ($access != 0) {
// establish session variables
$_SESSION['user'] = $user;
$_SESSION['access'] = $access;
return true;
} else {
// user has no rights
return false;
}
} else {
// invalid name or password
return false;
}
}
?>
任何帮助都将不胜感激,我对这种东西还不熟悉 你就快找到答案了。您只需要在请求返回的属性中再添加一些项。您可以更改以下行
$attr = array("memberof");
如果您希望从目录服务器返回更多人口统计信息,请单击此处
$attr = array("cn", "displayName", "givenName", "sn", "mail", "memberof");
谢谢你的回答。我已经更新了数组以使用这些属性-尽管我不确定如何提取并显示这些信息。我现在得到的是
<?php
// Initialize session
session_start();
function authenticate($user, $password) {
// Active Directory server
$ldap_host = " ";
// Active Directory DN
$ldap_dn = " ";
// Active Directory user group
$ldap_user_group = " ";
// Active Directory manager group
$ldap_manager_group = " ";
// Domain, for purposes of constructing $user
$ldap_usr_dom = " ";
// connect to active directory
$ldap = ldap_connect($ldap_host);
// verify user and password
if($bind = @ldap_bind($ldap, $user . $ldap_usr_dom, $password)) {
// valid
// check presence in groups
$filter = "(sAMAccountName=" . $user . ")";
$attr = array("cn", "displayName", "givenName", "sn", "mail", "memberof");
$result = ldap_search($ldap, $ldap_dn, $filter, $attr) or exit("Unable to search LDAP server");
$entries = ldap_get_entries($ldap, $result);
$displayname = $entries[0]['displayName'];
ldap_unbind($ldap);
// check groups
foreach($entries[0]['memberof'] as $grps) {
// is manager, break loop
if (strpos($grps, $ldap_manager_group)) { $access = 2; break; }
// is user
if (strpos($grps, $ldap_user_group)) $access = 1;
}
if ($access != 0) {
// establish session variables
$_SESSION['user'] = $user;
$_SESSION['access'] = $access;
$_SESSION['displayName'] = $displayname;
return true;
} else {
// user has no rights
echo "<script type='text/javascript'>alert('You have no access to this page.')</script>";
return false;
}
} else {
// invalid name or password
return false;
}
}
?>