堆栈内存溢出
  简体   繁体   English

使用PHP LDAP获取组成员的AD属性

[英]Get AD attributes of members of a group using PHP LDAP

 原文  2014-10-01 14:14:59       php/ active-directory/ ldap

问题描述

I'm using PHP to query Active Directory. 我正在使用PHP查询Active Directory。 I need to get a few attributes (Office phone and email) of all the members of a specified group. 我需要获取指定组的所有成员的一些属性(Office电话和电子邮件)。

I can get the complete CNs of the users in the group, so, for example: 我可以获取组中用户的完整CN,因此,例如: 

        $results = ldap_search($ds,$ldapbase, "cn=" . $group);
        $entries = ldap_get_entries($ds, $results);
        $members = $entries[0]['member'];

            for ($i=0; $i< count($members) -1; $i++) {

                $mem = $members[$i];

                if($mem != "") {

                    $groupMembers[] = $mem;
                }
            }

will give me an array of members of the group like this: 将给我这样的一组小组成员: 

 CN=Testlastname1\, Testfirstname1,OU=Personnel,OU=All Staff,DC=domain,DC=domainsuffix              
 CN=Testlastname2\, Testfirstname2,OU=All Staff,DC=domain,DC=domainsuffix               
 etc...

My question, how can I take these results and query the attributes I need, namely the officephone and email address for each one? 我的问题是,如何获取这些结果并查询所需的属性,即每个属性的办公电话和电子邮件地址? Or am I going at it completely wrong? 还是我完全错了?

I have seen some things close to this and some (somewhat byzantine) examples that I cannot get to work. 我已经看到了一些与此相关的内容以及一些我无法工作的示例(有些拜占庭式)。 I have played with various filter syntax to no avail. 我玩过各种过滤器语法都无济于事。 There must be a way to take the individual results from the successful group query, retrieve the AD object described by the result, and extract the properties required, but I have yet to find it. 必须有一种方法可以从成功的组查询中获取单个结果,检索结果描述的AD对象,并提取所需的属性,但是我还没有找到它。

Any help is greatly appreciated. 任何帮助是极大的赞赏。

BTW - PHP Version 5.5.7 using FastCGI on Windows 2008R2, IIS7.5 BTW-在Windows 2008R2,IIS7.5上使用FastCGI的PHP 5.5.7版

1 个解决方案

解决方案1
 1 已采纳  2014-10-02 14:50:14

The following should work somehow: 以下应该以某种方式工作: 

foreach ($groupsmembers as $groupmember) {
    $result = ldap_search($ds,$groupmember, '*', 'officephone,mail');
    $entries = ldap_get_entries($ds, $results);
    $users[$groupmember]['officephone'] = $entries[0]['officephone'][0];
    $users[$groupmember]['mail'] = $entries[0]['mail'][0];
}

Main thing is, that you use the retrieved DN (which is the thingy with CN=Testlastname1\\, Testfirstname1,OU=Personnel,OU=All Staff,DC=domai.... ) as search-base and then retrieve the email and officephone-attributes from it. CN=Testlastname1\\, Testfirstname1,OU=Personnel,OU=All Staff,DC=domai....的是,您使用检索到的DN(在CN=Testlastname1\\, Testfirstname1,OU=Personnel,OU=All Staff,DC=domai.... )作为搜索基础,然后检索电子邮件和办公电话属性。

On the (Linux)-Commandline that would look like this: 在(Linux)-Commandline上,如下所示: 

ldapsearch -h ldap-server -b "CN=Testlastname1, Testfirstname1,OU=Personnel,OU=All Staff,DC=domain,DC=domainsuffix" * mail,officephone

Hope that helps 希望能有所帮助

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 PHP LDAP获取组成员 - PHP LDAP Get Members of a group LDAP查找组PHP的成员 - LDAP Finding Members of a group PHP PHP - LDAP 过滤一组成员 - PHP - LDAP Filter members of a group PHP LDAP查询以获取特定安全组的成员 - PHP LDAP query to get members of specific security Group 使用ldap / php查询AD - querying AD using ldap / php 使用php和LDAP验证AD组成员身份 - Validate AD group membership with php and LDAP PHP/AD/LDAP:嵌套组成员 - PHP/AD/LDAP: Nested group memberships 无法在php中使用ldap_search为用户找到Windows AD组 - unable to locate windows AD group for user using ldap_search in php php ldap_search获取扩展属性 - php ldap_search get extended attributes 获取组PHP / LDAP中的所有用户 - Get all users in a group PHP/LDAP
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM