[英]PHP LDAP member of a group
I have groups and users in windows AD and i would like to check if member is a part of group. 我在Windows AD中有组和用户,我想检查成员是否是组的一部分。 example:
例:
user1 is in a group 1
group 1 in group 2
and then i should see user 1 in group 2 as well. 然后我也应该在组2中看到用户1。 In this case i could like to have result 1 or 0 Connection is fine but problem in search statement.
在这种情况下,我希望得到结果1或0。连接正常,但搜索语句中存在问题。
$username = $_POST["username"];
$passw = $_POST["password"];
$ldap_dn = " OU=MANAGER GROUP,OU=ALL GROUPS,DC=domain,DC=uk";
$ldap_svr = "domain.uk";
$ldap_domain = "@domain.uk";
$conn=ldap_connect($ldap_svr) or die("Cannot connect to LDAP server!");
ldap_set_option ($conn, LDAP_OPT_REFERRALS, 0);
ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_bind($conn,$username.$ldap_domain , $passw);
$filter="(&(objectClass=user)(memberOf=CN=Group1,OU=MANAGER GROUP,OU=ALL GROUPS,DC=domain,DC=uk))";
$justthese = array("cn", "sn", "givenname", "mail");
$sr=ldap_search($conn, $ldap_dn, $filter, $justthese);
$info = ldap_get_entries($conn, $sr);
echo $info["count"]." entries returned\n";
You might want to have a look at this stack-overflow question to see how to solve it without a library: ldap nested group membership 您可能想看一下此堆栈溢出问题,以了解如何在没有库的情况下解决该问题: ldap嵌套组成员身份
Basically it boils down to using the LDAP_MATCHING_RULE_IN_CHAIN matching rule in your query. 基本上可以归结为在查询中使用LDAP_MATCHING_RULE_IN_CHAIN匹配规则。
(memberOf:1.2.840.113556.1.4.1941:=CN=Group1,OU=MANAGER GROUP,OU=ALL GROUPS,DC=domain,DC=uk)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.