PHP LDAP search
I have a test environment that includes two Windows 2003 servers; one is running IIS 6.0 and PHP 5.2 and the other one is a domain controller. I am trying to get a PHP script to use LDAP to find all of the users on the server.
The domain is openDesk.local and the users are in the default OU users.
I am so far able to connect and bind to the domain controller; I am just unable to search it. I have about 1 hour's experience with LDAP, so I'm fairly sure it's a simple syntax error to do with the search. When I run this code I get "search failed".
<?php
$host = "192.168.1.98";
$user = "username";
$pswd = "password";
$ad = ldap_connect($host)
or die( "Could not connect!" );
ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3)
or die ("Could not set ldap protocol");
$bd = ldap_bind($ad, $user, $pswd)
or die ("Could not bind");
$dn = "OU=users,DC=openDesk,DC=local";
$filter = "cn=*";
$search = ldap_search($ad, $dn, $filter)
or die ("Search failed");
$entries = ldap_get_entries($ad, $search);
echo $entries["count"];
?>
Comments (2)
LDAP queries should be enclosed in parentheses. You might also want to search on an attribute without using a wildcard. Something like "(objectClass=user)" would work as a filter.
You can read more about AD search syntax here: http://msdn.microsoft.com/en-us/library/aa746475(v=vs.85).aspx
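An added example (not part of the answer above or of the asker's code): the question's script using the parenthesised `(objectClass=user)` filter, with `ldap_error()` output in place of the bare "Search failed" and filter values escaped before they are interpolated. The helper names `user_filter()` and `fail()` are hypothetical, `ldap_escape()` assumes PHP 5.6 or later, and the host, credentials and base DN are the question's own values.

```php
<?php
// Added example; host, credentials and base DN are copied from the question.
$host   = "192.168.1.98";
$user   = "username";
$pswd   = "password";
$baseDn = "OU=users,DC=openDesk,DC=local";
// Note: in a default AD install "Users" is a container (CN=Users), not an OU;
// a wrong base DN shows up below as "No such object".

// Build a parenthesised filter. Any caller-supplied value is escaped so that
// characters such as * ( ) \ cannot change the filter's structure.
function user_filter($name = null)
{
    $filter = "(&(objectCategory=person)(objectClass=user)";
    if ($name !== null) {
        $filter .= "(sAMAccountName=" . ldap_escape($name, "", LDAP_ESCAPE_FILTER) . ")";
    }
    return $filter . ")";
}

// Report the directory's own error code and text instead of a fixed message.
function fail($ad, $step)
{
    die(sprintf("%s failed: [%d] %s\n", $step, ldap_errno($ad), ldap_error($ad)));
}

$ad = ldap_connect($host) or die("Could not connect\n");
ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3);
// Assumption: referral chasing is disabled, as is commonly done for AD searches.
ldap_set_option($ad, LDAP_OPT_REFERRALS, 0);

@ldap_bind($ad, $user, $pswd) or fail($ad, "Bind");

// Ask only for the attributes that are needed, not every attribute.
$attrs  = array("cn", "sAMAccountName");
$search = @ldap_search($ad, $baseDn, user_filter(), $attrs) or fail($ad, "Search");

$entries = ldap_get_entries($ad, $search);
echo $entries["count"], " user(s)\n";
for ($i = 0; $i < $entries["count"]; $i++) {
    // ldap_get_entries() lower-cases attribute names in the result array.
    echo $entries[$i]["samaccountname"][0], "\n";
}
ldap_unbind($ad);
```

Calling `user_filter($input)` with a login name taken from a form keeps that input confined to a single attribute assertion, which is the standard defence against LDAP filter injection.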
Although this doesn't directly answer your question, when I did LDAP work in another lifetime, I found that having an LDAP browser was absolutely invaluable when it came to query syntax. I used Softerra's LDAP Browser. Once you can see the paths, the syntax is no longer an issue.