• <i id='8CqPt'><tr id='8CqPt'><dt id='8CqPt'><q id='8CqPt'><span id='8CqPt'><b id='8CqPt'><form id='8CqPt'><ins id='8CqPt'></ins><ul id='8CqPt'></ul><sub id='8CqPt'></sub></form><legend id='8CqPt'></legend><bdo id='8CqPt'><pre id='8CqPt'><center id='8CqPt'></center></pre></bdo></b><th id='8CqPt'></th></span></q></dt></tr></i><div id='8CqPt'><tfoot id='8CqPt'></tfoot><dl id='8CqPt'><fieldset id='8CqPt'></fieldset></dl></div>

      • <bdo id='8CqPt'></bdo><ul id='8CqPt'></ul>

        <small id='8CqPt'></small><noframes id='8CqPt'>

        <legend id='8CqPt'><style id='8CqPt'><dir id='8CqPt'><q id='8CqPt'></q></dir></style></legend>
      1. <tfoot id='8CqPt'></tfoot>
      2. 如果我不知道基本 DN 的 OU,如何通过 PHP ldap_search() 获取用户 OU

        时间:2023-10-15
          <tbody id='ndo5t'></tbody>
      3. <tfoot id='ndo5t'></tfoot>

        <small id='ndo5t'></small><noframes id='ndo5t'>

            <bdo id='ndo5t'></bdo><ul id='ndo5t'></ul>

          • <legend id='ndo5t'><style id='ndo5t'><dir id='ndo5t'><q id='ndo5t'></q></dir></style></legend>
            <i id='ndo5t'><tr id='ndo5t'><dt id='ndo5t'><q id='ndo5t'><span id='ndo5t'><b id='ndo5t'><form id='ndo5t'><ins id='ndo5t'></ins><ul id='ndo5t'></ul><sub id='ndo5t'></sub></form><legend id='ndo5t'></legend><bdo id='ndo5t'><pre id='ndo5t'><center id='ndo5t'></center></pre></bdo></b><th id='ndo5t'></th></span></q></dt></tr></i><div id='ndo5t'><tfoot id='ndo5t'></tfoot><dl id='ndo5t'><fieldset id='ndo5t'></fieldset></dl></div>

                  本文介绍了如果我不知道基本 DN 的 OU,如何通过 PHP ldap_search() 获取用户 OU的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着跟版网的小编来一起学习吧!

                  问题描述

                  我有一个 Active-Directory 结构,其中用户对象驻留在 OU 中,例如 IT、技术、HR、帐户等.我想编写一个 PHP 脚本,通过 AD 对用户进行身份验证,并根据他们的组提供适当的网络服务.

                  I have an Active-Directory structure where User objects reside in OU for example, IT, Technical, HR, Accounts etc.. I want to write a PHP script that authenticates the user with AD and depending on their Group to provide the aproperiate web services.

                  ldap_search() 需要基本 DN.我试着用

                  ldap_search() requires base DN. I tried to search with

                  ldap_search($ldap, "dc=country,dc=company,dc=co,dc=uk", "(samaccountname=$username)", array("memberof"));
                  

                  但 PHP 给出了操作错误".如果我指定 OU

                  but PHP gives "Operation Error". If instead i specify the OU

                  ldap_search($ldap, "ou=sales,dc=country,dc=company,dc=co,dc=uk", "(samaccountname=jake)", array("memberof"));
                  

                  那么搜索就OK了.

                  有我可以使用的通配符吗?

                  Is there a wildcard I can use?

                  附带说明一下,用户对象是否应该在 OU 中?因为我是第一个把它们搬进去的菜鸟!

                  On a side note, should user objects be in OU at all? Because I am the noob who moved them inside in the first place!

                  感谢 JPBlanc 为我指引正确的方向和 http://blog.redbranch.net/?p=76

                  With credits to JPBlanc for guiding me in the right direction and http://blog.redbranch.net/?p=76

                  解决办法是在connect和bind之间加2行.

                  The solution is to add 2 lines between connect and bind.

                  ldap_connect(..)
                  ldap_set_option ($ldap, LDAP_OPT_REFERRALS, 0);
                  ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
                  ldap_bind(..)
                  

                  谢谢 =)

                  编辑 2 - 完整代码:

                  EDIT 2 - Fullcode:

                  <?php
                  
                  namespace ldap;
                  
                  abstract class AuthStatus
                  {
                      const FAIL = "Authentication failed";
                      const OK = "Authentication OK";
                      const SERVER_FAIL = "Unable to connect to LDAP server";
                      const ANONYMOUS = "Anonymous log on";
                  }
                  
                  // The LDAP server
                  class LDAP
                  {
                      private $server = "127.0.0.1";
                      private $domain = "localhost";
                      private $admin = "admin";
                      private $password = "";
                  
                      public function __construct($server, $domain, $admin = "", $password = "")
                      {
                          $this->server = $server;
                          $this->domain = $domain;
                          $this->admin = $admin;
                          $this->password = $password;
                      }
                  
                      // Authenticate the against server the domainusername and password combination.
                      public function authenticate($user)
                      {
                          $user->auth_status = AuthStatus::FAIL;
                  
                          $ldap = ldap_connect($this->server) or $user->auth_status = AuthStatus::SERVER_FAIL;
                          ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
                          ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
                          $ldapbind = ldap_bind($ldap, $user->username."@".$this->domain, $user->password);
                  
                          if($ldapbind)
                          {
                              if(empty($user->password))
                              {
                                  $user->auth_status = AuthStatus::ANONYMOUS;
                              }
                              else
                              {
                                  $result = $user->auth_status = AuthStatus::OK;
                  
                                  $this->_get_user_info($ldap, $user);
                              }
                          }
                          else
                          {
                              $result = $user->auth_status = AuthStatus::FAIL;
                          }
                  
                          ldap_close($ldap);
                      }
                  
                      // Get an array of users or return false on error
                      public function get_users()
                      {       
                          if(!($ldap = ldap_connect($this->server))) return false;
                  
                          ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
                          ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
                          $ldapbind = ldap_bind($ldap, $this->admin."@".$this->domain, $this->password);
                  
                          $dc = explode(".", $this->domain);
                          $base_dn = "";
                          foreach($dc as $_dc) $base_dn .= "dc=".$_dc.",";
                          $base_dn = substr($base_dn, 0, -1);
                          $sr=ldap_search($ldap, $base_dn, "(&(objectClass=user)(objectCategory=person)(|(mail=*)(telephonenumber=*))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))", array("cn", "dn", "memberof", "mail", "telephonenumber", "othertelephone", "mobile", "ipphone", "department", "title"));
                          $info = ldap_get_entries($ldap, $sr);
                  
                          for($i = 0; $i < $info["count"]; $i++)
                          {
                              $users[$i]["name"] = $info[$i]["cn"][0];
                              $users[$i]["mail"] = $info[$i]["mail"][0];
                              $users[$i]["mobile"] = $info[$i]["mobile"][0];
                              $users[$i]["skype"] = $info[$i]["ipphone"][0];
                              $users[$i]["telephone"] = $info[$i]["telephonenumber"][0];
                              $users[$i]["department"] = $info[$i]["department"][0];
                              $users[$i]["title"] = $info[$i]["title"][0];
                  
                              for($t = 0; $t < $info[$i]["othertelephone"]["count"]; $t++)
                                  $users[$i]["othertelephone"][$t] = $info[$i]["othertelephone"][$t];
                  
                              // set to empty array
                              if(!is_array($users[$i]["othertelephone"])) $users[$i]["othertelephone"] = Array();
                          }
                  
                          return $users;
                      }
                  
                      private function _get_user_info($ldap, $user)
                      {
                          $dc = explode(".", $this->domain);
                  
                          $base_dn = "";
                          foreach($dc as $_dc) $base_dn .= "dc=".$_dc.",";
                  
                          $base_dn = substr($base_dn, 0, -1);
                  
                          $sr=ldap_search($ldap, $base_dn, "(&(objectClass=user)(objectCategory=person)(samaccountname=".$user->username."))", array("cn", "dn", "memberof", "mail", "telephonenumber", "othertelephone", "mobile", "ipphone", "department", "title"));
                          $info = ldap_get_entries($ldap, $sr);
                  
                          $user->groups = Array();
                          for($i = 0; $i < $info[0]["memberof"]["count"]; $i++)
                              array_push($user->groups, $info[0]["memberof"][$i]);
                  
                          $user->name = $info[0]["cn"][0];
                          $user->dn = $info[0]["dn"];
                          $user->mail = $info[0]["mail"][0];
                          $user->telephone = $info[0]["telephonenumber"][0];
                          $user->mobile = $info[0]["mobile"][0];
                          $user->skype = $info[0]["ipphone"][0];
                          $user->department = $info[0]["department"][0];
                          $user->title = $info[0]["title"][0];
                  
                          for($t = 0; $t < $info[$i]["othertelephone"]["count"]; $t++)
                                  $user->other_telephone[$t] = $info[$i]["othertelephone"][$t];
                  
                          if(!is_array($user->other_telephone[$t])) $user->other_telephone[$t] = Array();
                      }
                  }
                  
                  class User
                  {
                      var $auth_status = AuthStatus::FAIL;
                      var $username = "Anonymous";
                      var $password = "";
                  
                      var $groups = Array();
                      var $dn = "";
                      var $name = "";
                      var $mail = "";
                      var $telephone = "";
                      var $other_telephone = Array();
                      var $mobile = "";
                      var $skype = "";
                      var $department = "";
                      var $title = "";
                  
                      public function __construct($username, $password)
                      {       
                          $this->auth_status = AuthStatus::FAIL;
                          $this->username = $username;
                          $this->password = $password;
                      }
                  
                      public function get_auth_status()
                      {
                          return $this->auth_status;
                      }
                   }
                  ?>
                  

                  用法:

                  $ldap = new ldapLDAP("192.168.1.123", "company.com", "admin", "mypassword");
                  $users = $ldap->get_users();
                  

                  推荐答案

                  如果您尝试在 Windows 2003 Server Active Directory 或更高版本上执行搜索,似乎您必须将 LDAP_OPT_REFERRALS 选项设置为 0:

                  If you try to perform the searches on Windows 2003 Server Active Directory or above, it seems that you have to set the LDAP_OPT_REFERRALS option to 0:

                  ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
                  ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
                  

                  如果没有这个,如果您尝试搜索整个 AD(使用域的根作为 $base_dn),您将收到操作错误".

                  Without this, you will get "Operations error" if you try to search the whole AD (using root of the domain as a $base_dn).

                  在 LDAP 目录中,通常任何节点都可以在任何节点下(用户是节点,ou 是节点).

                  In LDAP Directories in general any node can be under any node (a user is a node, an ou is a node).

                  但是 Active-Directory 的行为方式与 SCHEMA 定义的对象可以存在于哪个容器中的方式不同.因此,如果您查找用户,则允许的上级为:builtinDomaindomainDNSorganizationalUnit,如下所示:

                  But Active-Directory behave in a different way the SCHEMA define in which container an object can exist. So, if you look for a user, superiors allowed are: builtinDomain, domainDNS and organizationalUnit as you can see here under:

                  这篇关于如果我不知道基本 DN 的 OU,如何通过 PHP ldap_search() 获取用户 OU的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!

                  上一篇:PHP LDAP 获取作为组成员的成员的用户详细信息 下一篇:如何从 PHP 数组为下拉选择字段创建嵌套列表?

                  相关文章

                  • <bdo id='t3IYm'></bdo><ul id='t3IYm'></ul>

                    <legend id='t3IYm'><style id='t3IYm'><dir id='t3IYm'><q id='t3IYm'></q></dir></style></legend>
                    <tfoot id='t3IYm'></tfoot>
                    <i id='t3IYm'><tr id='t3IYm'><dt id='t3IYm'><q id='t3IYm'><span id='t3IYm'><b id='t3IYm'><form id='t3IYm'><ins id='t3IYm'></ins><ul id='t3IYm'></ul><sub id='t3IYm'></sub></form><legend id='t3IYm'></legend><bdo id='t3IYm'><pre id='t3IYm'><center id='t3IYm'></center></pre></bdo></b><th id='t3IYm'></th></span></q></dt></tr></i><div id='t3IYm'><tfoot id='t3IYm'></tfoot><dl id='t3IYm'><fieldset id='t3IYm'></fieldset></dl></div>
                  1. <small id='t3IYm'></small><noframes id='t3IYm'>