PHP: getting user credentials from Active Directory using LDAP


I have an application written with the Laravel framework, and in this application I can get details about users directly from Active Directory.

The steps are as follows:

  • Hit the intranet domain
  • The application determines the user's IP address with the following:
    $user_IP = $request->ip()
  • Redirect the user to a domain on a locally hosted server, which contains the following script:

  • I took this approach because I can't connect to AD directly from the web server, but POSTing the user details around feels like I'm opening the door to a security hole.


    Surely there must be a better way?

    You should use a proper specification that fits the use case you describe, like OpenID Connect.

    What is the point of this script? Do you need to sync user data from AD to your website? "I can't connect to AD directly from the web server": you are actually binding to it and doing everything with PHP... Why are you passing that data to the client just to POST it? Why not use curl?

    I don't understand why you are doing this, but as long as you POST over HTTPS I can't see anything insecure about it.

    I agree with you both, but I need to be able to redirect and send the data. If I use cURL, can I still redirect?
    <html>
    <head>
    <meta http-equiv="X-UA-Compatible" content="IE=edge" />
    <title>Newable Intranet</title>
    </head>
    <body>
    
    <div id="container">
    
    <?php 
    
        // Read the first value of an attribute from an ldap_get_entries() row.
        // Returns "" when the attribute is absent, empty, or holds the literal string "NULL".
        function ldap_value($entry, $attribute)
        {
            if (empty($entry[$attribute][0]) || $entry[$attribute][0] == "NULL")
            {
                return "";
            }
            return $entry[$attribute][0];
        }
    
        // Emit a PHP value as a JavaScript string literal. json_encode() with the HEX flags
        // escapes quotes, backslashes, < > and & so an attribute value taken from the directory
        // cannot break out of the <script> block (the original echoed raw values between quotes).
        function js_string($value)
        {
            return json_encode((string) $value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
        }
    
        // AUTH_USER is populated by the web server's Windows authentication as DOMAIN\user;
        // the substr() strips a fixed six-character "DOMAIN\" prefix.
        $login = $_SERVER['AUTH_USER'];
        $username = substr($_SERVER['AUTH_USER'], 6);
    
        //LDAP Bind parameters, need to be a normal AD User account.
        $ldap_password = 'xxxxxx';
        $ldap_username = 'xxxxxx';
        $ldap_connection = ldap_connect("xxxxxx");
    
        if (FALSE === $ldap_connection)
        {
            // Uh-oh, something is wrong... nothing below can run without a connection handle.
            die('Unable to connect to the ldap server');
        }
    
        // We have to set this option for the version of Active Directory we are using.
        ldap_set_option($ldap_connection, LDAP_OPT_PROTOCOL_VERSION, 3) or die('Unable to set LDAP protocol version');
        ldap_set_option($ldap_connection, LDAP_OPT_REFERRALS, 0); // We need this for doing an LDAP search.
    
        if (TRUE === ldap_bind($ldap_connection, $ldap_username, $ldap_password))
        {
            //Your domain's DN to query
            $ldap_base_dn = 'OU=users,OU=company,DC=gleps,DC=local';
    
            //Get standard users and contacts
            $search_filter = '(|(objectCategory=user)(objectCategory=person))';
    
            //Run the search
            $result = ldap_search($ldap_connection, $ldap_base_dn, $search_filter);
    
            if (FALSE !== $result)
            {
                $entries = ldap_get_entries($ldap_connection, $result);
    
                // Uncomment the below if you want to write all entries out to debug something
                // var_dump($entries);
    
                //For each account returned by the search
                for ($x=0; $x<$entries['count']; $x++)
                {
                    //Windows Username
                    if (!empty($entries[$x]['samaccountname'][0]))
                    {
                        $LDAP_samaccountname = ldap_value($entries[$x], 'samaccountname');
                    }
                    else
                    {
                        //There is no samaccountname so assume this is an AD contact record and generate a unique username
                        $LDAP_uSNCreated = $entries[$x]['usncreated'][0];
                        $LDAP_samaccountname = "CONTACT_" . $LDAP_uSNCreated;
                    }
    
                    //Container Name
                    $LDAP_ContainerName = ldap_value($entries[$x], 'cn');
    
                    //Department
                    $LDAP_Department = ldap_value($entries[$x], 'department');
    
                    //Location
                    $LDAP_Office = ldap_value($entries[$x], 'physicaldeliveryofficename');
    
                    //Display Name
                    $LDAP_Display = ldap_value($entries[$x], 'displayname');
    
                    //Job Title
                    $LDAP_JobTitle = ldap_value($entries[$x], 'title');
    
                    //Manager username and container name.
                    //NOTE: as posted this reads the user's own samaccountname and cn again, not the manager's.
                    //AD stores the manager as a DN in the 'manager' attribute, which would need a second lookup.
                    $LDAP_MngUN = $LDAP_samaccountname;
                    $LDAP_MngCN = $LDAP_ContainerName;
    
                    //Email address
                    $LDAP_InternetAddress = ldap_value($entries[$x], 'mail');
    
                    //Telephone Number
                    $LDAP_DDI = ldap_value($entries[$x], 'telephonenumber');
    
                    //Mobile Number
                    $LDAP_CellPhone = ldap_value($entries[$x], 'mobile');
    
                    if ($LDAP_samaccountname == $username)
                    {
                        ?>
    
                        <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
    
                        <script type="text/javascript">
    
                            // Each value is emitted as a JSON string literal, quotes included.
                            var UN = <?php echo js_string($LDAP_samaccountname) ?>;
                            var CN = <?php echo js_string($LDAP_ContainerName) ?>;
                            var DN = <?php echo js_string($LDAP_Display) ?>;
                            var JT = <?php echo js_string($LDAP_JobTitle) ?>;
                            var DP = <?php echo js_string($LDAP_Department) ?>;
                            var OF = <?php echo js_string($LDAP_Office) ?>;
                            var EM = <?php echo js_string($LDAP_InternetAddress) ?>;
                            var DD = <?php echo js_string($LDAP_DDI) ?>;
                            var MO = <?php echo js_string($LDAP_CellPhone) ?>;
                            var MUN = <?php echo js_string($LDAP_MngUN) ?>;
                            var MCN = <?php echo js_string($LDAP_MngCN) ?>;
    
                            // Build a hidden form and auto-submit it to the main application.
                            var form = $(document.createElement('form'));
    
                            $(form).attr("action", "https://mynewable.co.uk/");
                            $(form).attr("method", "POST");
                            $(form).css("display", "none");
    
                            var input_User_name = $("<input>")
                                .attr("type", "text")
                                .attr("name", "UN")
                                .val(UN);
                            $(form).append($(input_User_name));
    
                            var input_Container_name = $("<input>")
                                .attr("type", "text")
                                .attr("name", "CN")
                                .val(CN);
                            $(form).append($(input_Container_name));
    
                            var input_Display_name = $("<input>")
                                .attr("type", "text")
                                .attr("name", "DN")
                                .val(DN);
                            $(form).append($(input_Display_name));
    
                            var input_Job_title = $("<input>")
                                .attr("type", "text")
                                .attr("name", "JT")
                                .val(JT);
                            $(form).append($(input_Job_title));
    
                            // The original appended this Department input twice; once is enough.
                            var input_Department = $("<input>")
                                .attr("type", "text")
                                .attr("name", "DP")
                                .val(DP);
                            $(form).append($(input_Department));
    
                            var input_Office = $("<input>")
                                .attr("type", "text")
                                .attr("name", "OF")
                                .val(OF);
                            $(form).append($(input_Office));
    
                            var input_Email = $("<input>")
                                .attr("type", "text")
                                .attr("name", "EM")
                                .val(EM);
                            $(form).append($(input_Email));
    
                            var input_DDI = $("<input>")
                                .attr("type", "text")
                                .attr("name", "DD")
                                .val(DD);
                            $(form).append($(input_DDI));
    
                            var input_Mobile = $("<input>")
                                .attr("type", "text")
                                .attr("name", "MO")
                                .val(MO);
                            $(form).append($(input_Mobile));
    
                            var input_Manager_Uname = $("<input>")
                                .attr("type", "text")
                                .attr("name", "MUN")
                                .val(MUN);
                            $(form).append($(input_Manager_Uname));
    
                            var input_Manager_Cname = $("<input>")
                                .attr("type", "text")
                                .attr("name", "MCN")
                                .val(MCN);
                            $(form).append($(input_Manager_Cname));
    
                            var Tholia = $("<input>")
                                .attr("type", "text")
                                .attr("name", "Tholia")
                                .val("TRUE");
                            $(form).append($(Tholia));
    
                            var input_conf = $("<input>")
                                .attr("type", "text")
                                .attr("name", "confirmation")
                                .val("1");
                            $(form).append($(input_conf));
    
                            var sub = $("<input>")
                                .attr("type", "submit")
                                .val("submit");
                            $(form).append($(sub));
    
                            form.appendTo( document.body );
    
                            $(form).submit();
    
                        </script>
    
                    <?php
                    }
                }
            }
        }
    ?>
    </div>
    </body>
    </html>
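The script above asks the directory for every user and contact under the OU and then compares samaccountname in PHP. The following is an added example, not code from the question or its answers: a filter that asks the directory for the one account matching the username taken from AUTH_USER, with that username escaped so it cannot alter the filter's structure. The base DN and attribute names are the question's; build_user_filter and the attribute list are assumed names, and ldap_escape() needs PHP's ldap extension.

```php
<?php
// Added example (not from the question): look up one user by sAMAccountName.

// Build an LDAP search filter for a single Windows username. ldap_escape() with
// LDAP_ESCAPE_FILTER encodes ( ) * \ and NUL as \xx sequences, so a username
// value containing filter metacharacters is matched literally instead of being
// interpreted as part of the filter.
function build_user_filter($username)
{
    $escaped = ldap_escape($username, '', LDAP_ESCAPE_FILTER);
    return '(&(objectCategory=person)(sAMAccountName=' . $escaped . '))';
}

// Request only the attributes the page actually uses, rather than every attribute
// of every entry. Attribute names are the ones the question's script reads,
// plus 'manager', which holds the manager's DN.
$attributes = [
    'samaccountname', 'cn', 'displayname', 'title', 'department',
    'physicaldeliveryofficename', 'mail', 'telephonenumber', 'mobile', 'manager',
];

// Demonstration with constructed usernames; no directory is needed to see the
// difference between a plain value and one carrying filter metacharacters.
echo build_user_filter('jsmith'), PHP_EOL;
echo build_user_filter('*)(objectClass=*'), PHP_EOL;

// Against a real connection, bound as in the question's script (hypothetical
// $ldap_connection and $username), the search then returns at most one entry and
// the loop-and-compare over the whole OU is no longer needed:
//
// $result  = ldap_search($ldap_connection, 'OU=users,OU=company,DC=gleps,DC=local',
//                        build_user_filter($username), $attributes);
// $entries = ldap_get_entries($ldap_connection, $result);
// if ($entries['count'] === 1) { $entry = $entries[0]; /* read attributes here */ }
```

The filter also drops the `(objectCategory=user)` branch of the original, because an entry with no sAMAccountName can never equal the authenticated username, so the contact records the original iterated over were never the one being looked for.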
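What the asker senses as a hole is that the application receiving the POST has no way to tell the intranet server's form from a form anyone else submits with the same field names, so whoever can reach the POST target can claim to be any user. The following is an added example, not code from the question or its answers, showing the cheapest fix that keeps the redirect-and-POST flow: the intranet side signs the attribute set into a short-lived HMAC token, and the Laravel side verifies signature and expiry before reading a single field. HANDOFF_SECRET, HANDOFF_TTL, the function names and the field names are assumptions; it needs PHP 7 or later for random_bytes() and the null-coalescing operator.

```php
<?php
// Added example (not from the question): signed, expiring hand-off token.

const HANDOFF_SECRET = 'replace-with-a-long-random-secret-shared-with-the-laravel-app'; // assumed
const HANDOFF_TTL    = 60; // seconds a token stays valid (assumed)

// Intranet side: wrap the AD attributes in a token that only a holder of the
// shared secret could have produced. Format: base64url(JSON claims) "." hex HMAC.
function make_handoff_token(array $attributes, $secret = HANDOFF_SECRET, $now = null)
{
    $now = $now ?? time();
    $claims = $attributes + [
        'iat'   => $now,
        'exp'   => $now + HANDOFF_TTL,
        'nonce' => bin2hex(random_bytes(16)), // lets the receiver reject a replayed token
    ];
    $payload   = rtrim(strtr(base64_encode(json_encode($claims)), '+/', '-_'), '=');
    $signature = hash_hmac('sha256', $payload, $secret);
    return $payload . '.' . $signature;
}

// Laravel side: verify before trusting anything. Returns the claims, or null
// when the token is malformed, carries a bad signature, or has expired.
function verify_handoff_token($token, $secret = HANDOFF_SECRET, $now = null)
{
    $now = $now ?? time();
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2) {
        return null;
    }
    list($payload, $signature) = $parts;
    $expected = hash_hmac('sha256', $payload, $secret);
    if (!hash_equals($expected, $signature)) { // constant-time comparison
        return null;
    }
    $json   = base64_decode(strtr($payload, '-_', '+/'), true);
    $claims = $json === false ? null : json_decode($json, true);
    if (!is_array($claims) || !isset($claims['exp']) || $claims['exp'] < $now) {
        return null;
    }
    return $claims;
}

// Demonstration with constructed attribute values; no directory is needed.
$attrs = ['UN' => 'jsmith', 'DN' => 'Jane Smith', 'EM' => 'jsmith@example.test'];
$token = make_handoff_token($attrs);

var_dump(verify_handoff_token($token) !== null);                                // genuine token
var_dump(verify_handoff_token($token, 'some-other-secret') === null);           // signed with a different secret
var_dump(verify_handoff_token($token, HANDOFF_SECRET, time() + 3600) === null); // checked an hour after issue
$tampered = ($token[0] === 'A' ? 'B' : 'A') . substr($token, 1);
var_dump(verify_handoff_token($tampered) === null);                             // payload altered after signing
```

With this in place the hidden form carries one input, `token`, embedded into the script with json_encode rather than a raw echo; the Laravel controller calls verify_handoff_token() on `$request->input('token')` and, to block replays inside the TTL window, remembers each accepted nonce for HANDOFF_TTL seconds. HTTPS is still required so the token and attributes stay confidential in transit, and OpenID Connect, as the answer suggests, gives the same signed-assertion guarantee with standard libraries and key rotation instead of a hand-rolled shared secret.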