使用 ldap 搜索从 AD 检索属性或在不知道专有名称的情况下读取属性

发布于 2025-01-01 15:05:09 字数 1204 浏览 1 评论 0原文

我正在尝试从我的活动目录中检索信息（描述和邮件），但不知道使用其域凭据登录我的应用程序的所有用户的 DN，我只能在提供 DN 时才能检索信息对于部门和组织单位的所有用户来说，每个 dn 都非常不同，绑定工作正常，问题只是检索上面指定的数据。

我的代码如下.. 注意：我更改了一些字段的值。

<?php
 ldap_authenticate();
 function ldap_authenticate() {

 //using ldap bind
 $ldaprdn  = 'username';//ldap rdn or dn
 $ldappass = 'password';// associated password
 $filter="(&(objectClass=user))";
 $justthese = array("sn","displayName");
 //connect to ldap server
 $ldapconn = ldap_connect("hostname.net");

 if ($ldapconn){
  //binding to ldap server
    $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
  //verify binding
    if($ldapbind){
        $dn='CN=Donald Mailula,OU=Users,OU=Group Testing,OU=Central Office,DC=hostname,DC=net';
        $sr=ldap_read($ldapconn,$dn,$filter);
        $entry = ldap_get_entries($ldapconn, $sr);
        echo $entry[0]["mail"][0] . " is the email address of the cn your requested<br/>";
        echo $entry[0]["description"][0];
    }else{
       echo "LDAP bind failed...";
    }
  }
}

?>

我的主要问题是我无法知道所有登录用户的 dn，所以我需要一种在没有 dn 的情况下搜索记录的方法，或者如何先获取 dn，然后搜索我需要的记录。

伙计们，这可能吗？

请帮忙

谢谢 D

原文

I'm trying to retrieve information(descriptionand Mail) from my active directory without knowing my DN for all the users who have logged in on my application using their domain credentials, i'm only able to retrieve the information if i provide a dn of which each dn is very different for all the users cause of the departments and Organizational Units, the binding works fine the problem is only retrieving the data specified above.

My code is as follows..
NB:I've changed the values of some fields.

<?php
 ldap_authenticate();
 function ldap_authenticate() {

 //using ldap bind
 $ldaprdn  = 'username';//ldap rdn or dn
 $ldappass = 'password';// associated password
 $filter="(&(objectClass=user))";
 $justthese = array("sn","displayName");
 //connect to ldap server
 $ldapconn = ldap_connect("hostname.net");

 if ($ldapconn){
  //binding to ldap server
    $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
  //verify binding
    if($ldapbind){
        $dn='CN=Donald Mailula,OU=Users,OU=Group Testing,OU=Central Office,DC=hostname,DC=net';
        $sr=ldap_read($ldapconn,$dn,$filter);
        $entry = ldap_get_entries($ldapconn, $sr);
        echo $entry[0]["mail"][0] . " is the email address of the cn your requested<br/>";
        echo $entry[0]["description"][0];
    }else{
       echo "LDAP bind failed...";
    }
  }
}

?>

My main problem is that i wont be able to know the dn of all the users who logged in so i need a way to search for record without the dn, or how to get the dn first and then search for the record i need.

Is it even possible guys?

Please help

Thanks
D

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

探春 2025-01-08 15:05:09

您需要的东西称为ldap_search，您可以找到完整的示例这里

<?php
// $ds is a valid connexion id (samAccountName)
$dn = "o=Ma Compagnie, c=FR";
$filter="(|(objectCategory=person)(samAccountName=$ds))";
$justtheseattributes = array( "ou", "sn", "givenname", "mail");
$sr=ldap_search($ds, $dn, $filter, $justtheseattributes);
$info = ldap_get_entries($ds, $sr);
echo $info["count"]." found entries.\n";
?>

The thing you need is called ldap_search you can find a full sample here

<?php
// $ds is a valid connexion id (samAccountName)
$dn = "o=Ma Compagnie, c=FR";
$filter="(|(objectCategory=person)(samAccountName=$ds))";
$justtheseattributes = array( "ou", "sn", "givenname", "mail");
$sr=ldap_search($ds, $dn, $filter, $justtheseattributes);
$info = ldap_get_entries($ds, $sr);
echo $info["count"]." found entries.\n";
?>

回复收藏 0 原文

~没有更多了~