从Active Directory组中提取所有用户
[英]Fetch all users from Active Directory group
问题描述
I'm trying to read some user accounts from Active Directory. 
我正在尝试从Active Directory中读取一些用户帐户。 I can connect and authenticate just fine. 我可以连接并进行身份验证。 But whatever search I throw at the thing, I get an »Operations error«. 但是,无论我进行什么搜索,都会遇到“操作错误”。 Any ideas what this could be? 有什么想法吗?
I'm running the script on a Windows 2k8 server machine with PHP 5.3.8 CLI. 我正在使用PHP 5.3.8 CLI在Windows 2k8服务器计算机上运行脚本。 (I'm no AD expert:) dsa.mcs tells me the AD host has DC Type = GC and DC Version W2K8. (我不是AD专家:) dsa.mcs告诉我AD主机具有DC Type = GC和DC Version W2K8。
// $ds = ldap_connect($host, $port);
// $db = ldab_bind($ds, $user, $password);
// $ds and $db are verified, connected and authenticated!
$dn = "CN=All users in Some City,OU=Some Group,OU=Some City,OU=Company Name,DC=bar,DC=foo,DC=com";
//$filter = 'sAMAccountName=' . $username;
//$filter = "(&(&(&(objectCategory=person)(objectClass=user))))";
$filter = "(objectClass=user)";
$attributes = array('sn', 'givenName', 'memberOf');
$res = ldap_search($ds, $dn, $filter, $attributes);
// results in
// ldap_errno(): 1
// ldap_error(): Operations error
running the follwing in the "terminal" (that dos box thingie) returns the list of users just fine. 在“终端”(即dos盒中的东西)中运行下面的命令将返回用户列表。
dsget group "CN=All users in Some City,OU=Some Group,OU=Some City,OU=Company Name,DC=bar,DC=foo,DC=com" -members
WTF am I missing here? 我在这里想念WTF吗?
1 个解决方案
解决方案1
1 已采纳 2011-12-08 14:15:42
I can repeat your problem on an SBS 2003 box. 我可以在SBS 2003机器上重复您的问题。
Try adding the following two lines between your calls to ldap_connect() and ldap_bind() : 尝试在对ldap_connect()和ldap_bind()调用之间添加以下两行:
// Use protocol version 3
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
// Don't follow referrals
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
This resolves the problem for me. 这为我解决了问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.