Load users from Active Directory using ADLDAP

I'm using the ADLDAP library ( http://adldap.sourceforge.net ) to interact with Active Directory. I am using PHP. I would like to get all users from Active Directory and save them to an array. Is there any way to do this?

You probably want to do something like:

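// Connect using the library's configured options
$adldap = new adLDAP();
// all() returns the list of user account names in the directory
$usernames = $adldap->user()->all();

// Look up each account and collect the results, keyed by username
$users = array();
foreach ($usernames as $username)
{
    $userInfo = $adldap->user()->infoCollection($username);
    $users[$username] = $userInfo;
}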

The all() method is documented here.

Assuming that the directory administrators would permit an LDAP client application to retrieve all entries from a directory, extract the value of the attribute namingContexts from the root DSE. The values of this attribute (it is multi-valued) are the naming contexts or suffixes that this server supports. With this information, construct a search using:

  • the naming context
  • a size limit of 0 (no size limit)
  • a time limit of 0 (unlimited time)
  • a filter that will match all entries, for example, (objectClass=*) or (&)
  • a scope sufficient to discover all entries, probably subtree
  • a list of the attributes you require

Construct this search for each namingContext. Again, assuming that the directory administrators will allow an LDAP client to search the entire directory, these searches will result in responses that contain every entry.

There are many caveats such as:

  • is this permitted by administrators?
  • can your application grow big enough to handle the data (if not, the Simple Paged Results mechanism may provide a solution).
  • I have been told that AD imposes a size limit of 1000 on LDAP clients. Even if this is true, no LDAP client should be coded with knowledge of a directory infrastructure or vendor. Doing so results in poor, brittle code that is difficult to maintain. All LDAP clients must be coded to the standards imposed by the LDAP Directorate at the IETF.

For more information, see:
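Added example, not part of either answer above and not adLDAP code: the root DSE lookup and per-naming-context search described in the second answer, written against PHP's built-in ldap extension (PHP 7.3 or later) with the Simple Paged Results control so large directories are read in pages. The host name, bind DN, LDAP_BIND_PW environment variable, user filter and attribute list are assumptions to replace with your own.

```php
<?php
// Added example. Host, bind DN, filter and attributes below are placeholders (assumptions).
function fetchAllEntries($ldap, string $base, string $filter, array $attrs, int $pageSize = 500): array
{
    $entries = [];
    $cookie = '';
    do {
        // Simple Paged Results control (RFC 2696): ask for one page at a time.
        $controls = [[
            'oid'   => LDAP_CONTROL_PAGEDRESULTS,
            'value' => ['size' => $pageSize, 'cookie' => $cookie],
        ]];
        // Subtree scope, size limit 0 and time limit 0, as listed in the answer.
        $result = @ldap_search($ldap, $base, $filter, $attrs, 0, 0, 0, LDAP_DEREF_NEVER, $controls);
        if ($result === false) {
            throw new RuntimeException("Search under $base failed: " . ldap_error($ldap));
        }
        ldap_parse_result($ldap, $result, $errcode, $matchedDn, $errmsg, $referrals, $serverControls);
        $page = ldap_get_entries($ldap, $result);
        unset($page['count']);
        foreach ($page as $entry) {
            $entries[$entry['dn']] = $entry;
        }
        // An empty cookie from the server means the last page has been read.
        $cookie = $serverControls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'] ?? '';
    } while ($cookie !== '');
    return $entries;
}

$ldap = ldap_connect('ldaps://dc.example.com'); // placeholder host; LDAPS keeps the bind encrypted
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
// Bind with a read-only service account; the password comes from the environment, not the source.
if (!@ldap_bind($ldap, 'CN=svc-reader,OU=Service,DC=example,DC=com', getenv('LDAP_BIND_PW'))) {
    exit('Bind failed: ' . ldap_error($ldap) . PHP_EOL);
}
// Root DSE: base-scope read of the empty DN, requesting only namingContexts.
$dse = @ldap_read($ldap, '', '(objectClass=*)', ['namingContexts']);
$contexts = $dse ? (ldap_get_entries($ldap, $dse)[0]['namingcontexts'] ?? []) : [];
unset($contexts['count']);

$users = [];
foreach ($contexts as $base) {
    try {
        // '(objectClass=*)' matches every entry; this filter narrows the result to user accounts.
        $users += fetchAllEntries($ldap, $base, '(&(objectCategory=person)(objectClass=user))',
                                  ['sAMAccountName', 'displayName', 'mail']);
    } catch (RuntimeException $e) {
        fwrite(STDERR, $e->getMessage() . PHP_EOL); // e.g. the account may not read this context
    }
}
printf("%d user entries loaded\n", count($users));
```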
