unable to locate windows AD group for user using ldap_search in php

I can successfully connect and bind to LDAP in Windows AD using PHP. However, I'm not getting the results I expect from ldap_search. I know my test user is in Intranet_Group123, but either ldap_search isn't finding the group, or I don't know how to correctly parse the result array. I know the distinguished name of the group: CN=Intranet_Group123,OU=PD,OU=Intranet,OU=Apps,OU=Groups,DC=mydomain,DC=com

Here's the code I'm using (based on the blog here).

    $user = 'testuser';
    $password = 'test';
    $ldap_host = "myServer";

    // Active Directory DN (I have also tried having CN=Intranet_Group123 at the beginning of the string)
    $ldap_dn = "OU=PD,OU=Intranet,OU=Apps,OU=Groups,DC=mydomain,DC=com";

    // Domain, for purposes of constructing $user
    $ldap_usr_dom = "@mydomain.com";

    // connect to active directory
    $ldap = ldap_connect($ldap_host);

    // verify user and password
    // (note: ldap_bind() with an empty $password performs an anonymous bind,
    // which AD accepts, so an empty password must be rejected before this point)
    if ($bind = @ldap_bind($ldap, $user . $ldap_usr_dom, $password)) {
        var_dump($bind);  // bool(true)
        // valid
        // check presence in groups; $user is escaped so it cannot alter the filter syntax
        $filter = "(sAMAccountName=" . ldap_escape($user, '', LDAP_ESCAPE_FILTER) . ")";
        $attr = array("memberof");
        $result = ldap_search($ldap, $ldap_dn, $filter, $attr) or exit("Unable to search LDAP server");
        var_dump($result);  // resource(8) of type (ldap result)
        $entries = ldap_get_entries($ldap, $result);
        var_dump($entries);  // array(1) {'count' => int 0}
    } else {
        exit("Invalid username or password");
    }

You are searching the Groups container with the filter (sAMAccountName=username). This is not going to produce any meaningful results, because there is no user entry in the Groups container, as your var_dump($entries) shows: array(1) {'count' -> int 0} just tells you that no entries were found.

Instead, turn your query into a root search (dc=mydomain,dc=com) and search with a more complex filter. You need to find a user that has the particular sAMAccountName and a memberof attribute pointing to the proper group DN. Note that the memberof attribute accepts a DN, not a group name.

The query filter then would look like this:

"(&(objectclass=user)(sAMAccountName=".$user.")(memberof=".$ldap_dn."))"

and do the search over $root_prefix, where $root_prefix = "dc=mydomain,dc=com", with a subtree scope.
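The search described in the answer above, written out as an added example (not code from the question, the answer, or the blog the question references). It assumes the same host name, domain suffix and group DN as the post; the server address, credentials and the `ldaps://` scheme are placeholders. Beyond the answer, it escapes both the username and the group DN with ldap_escape() so that user-controlled input cannot change the filter's logic, refuses an empty password (which ldap_bind() would silently turn into an anonymous bind), and optionally uses AD's LDAP_MATCHING_RULE_IN_CHAIN matching rule to resolve nested group membership, which a plain memberOf comparison does not.

```php
<?php
// Added example, not the original post's code. Host, credentials and DNs
// are placeholders matching the question; the LDAP server is assumed.

/**
 * Build an AD filter matching one user who is a member of $groupDn.
 * Both values are escaped: a username such as '*)(objectClass=*' must
 * not be able to turn the filter into a match-anything query.
 * With $nested = true the AD matching rule 1.2.840.113556.1.4.1941
 * (LDAP_MATCHING_RULE_IN_CHAIN) makes the server walk nested groups.
 */
function buildMemberFilter(string $user, string $groupDn, bool $nested = false): string
{
    $u = ldap_escape($user, '', LDAP_ESCAPE_FILTER);
    $g = ldap_escape($groupDn, '', LDAP_ESCAPE_FILTER);
    $member = $nested
        ? "(memberOf:1.2.840.113556.1.4.1941:=$g)"
        : "(memberOf=$g)";
    return "(&(objectClass=user)(sAMAccountName=$u)$member)";
}

/**
 * Bind as the user and return true only if the bind succeeds AND exactly
 * one user object under $baseDn (the domain root, searched as a subtree)
 * matches the membership filter.
 */
function userInGroup(string $host, string $baseDn, string $userDomain,
                     string $user, string $password, string $groupDn,
                     bool $nested = false): bool
{
    // An empty password makes ldap_bind() perform an anonymous bind, which
    // AD accepts by default; treat it as a failed login, never as success.
    if ($user === '' || $password === '') {
        return false;
    }

    $ldap = ldap_connect($host);
    if ($ldap === false) {
        return false;
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); // AD expects LDAPv3
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);        // do not chase AD referrals

    // UPN-style bind (user@domain); a false result means bad credentials.
    if (!@ldap_bind($ldap, $user . $userDomain, $password)) {
        ldap_unbind($ldap);
        return false;
    }

    // Search from the domain root, not the Groups OU: the user object lives
    // elsewhere, and memberOf is an attribute of that user object.
    $filter = buildMemberFilter($user, $groupDn, $nested);
    $result = ldap_search($ldap, $baseDn, $filter, ['memberof', 'samaccountname']);
    if ($result === false) {
        ldap_unbind($ldap);
        return false;
    }
    $entries = ldap_get_entries($ldap, $result);
    ldap_unbind($ldap);

    return $entries !== false && $entries['count'] === 1;
}

// Offline demonstration of the escaping. The second username is a
// constructed hostile input, not a real account.
$groupDn = 'CN=Intranet_Group123,OU=PD,OU=Intranet,OU=Apps,OU=Groups,DC=mydomain,DC=com';
echo buildMemberFilter('testuser', $groupDn), "\n";
echo buildMemberFilter('*)(objectClass=*', $groupDn), "\n";
echo buildMemberFilter('testuser', $groupDn, true), "\n";

// Against a real domain controller (placeholder host and credentials):
// var_dump(userInGroup('ldaps://myServer', 'DC=mydomain,DC=com', '@mydomain.com',
//                      'testuser', 'test', $groupDn));
```

The `count === 1` check matters: a filter that matched more than one entry would indicate either a duplicated sAMAccountName or a filter that has been tampered with, and neither should be treated as a successful group check. Use `ldaps://` (or StartTLS via ldap_start_tls()) in production so the user's password is not sent to the domain controller in clear text.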

Declaration: the technical posts on this site follow the CC BY-SA 4.0 license; if you repost them, please credit this site or the original source.
粤ICP备18138465号  © 2020-2024 STACKOOM.COM