我在Centos 7上安装了OPENLDAP。 现在,我尝试创建一个PHP网页,该网页可以帮助我找到用户所在的所有组。
我尝试了此功能,但不起作用:
function get_groups($user) {
// Active Directory server
$ldap_host = "127.0.0.1";
// Active Directory DN, base path for our querying user
$ldap_dn = "dc=test,dc=local";
// Active Directory user for querying
$query_user = "cn=Manager,dc=test,dc=local";
$password = "mypass";
// Connect to AD
$ldap = ldap_connect($ldap_host, $ldap_port) or die("Could not connect to LDAP");
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_bind($ldap,$query_user,$password) or die("Could not bind to LDAP");
// Search AD
$results = ldap_search($ldap,$ldap_dn,"($user)",array("memberof","primarygroupid"));
$entries = ldap_get_entries($ldap, $results);
// No information found, bad user
if($entries['count'] == 0) return false;
// Get groups and primary group token
$output = $entries[0]['memberof'];
$token = $entries[0]['primarygroupid'][0];
// Remove extraneous first entry
array_shift($output);
// We need to look up the primary group, get list of all groups
$results2 = ldap_search($ldap,$ldap_dn,"(objectcategory=group)",array("distinguishedname","primarygrouptoken"));
$entries2 = ldap_get_entries($ldap, $results2);
// Remove extraneous first entry
array_shift($entries2);
// Loop through and find group with a matching primary group token
foreach($entries2 as $e) {
if($e['primarygrouptoken'][0] == $token) {
// Primary group found, add it to output array
$output[] = $e['distinguishedname'][0];
// Break loop
break;
}
}
return $output;
ldap_close($ldap);
}
我尝试了其他功能:
function searchMyLDAP($username){
include_once 'conf/config.inc.php';
#$ldap_hostname = "127.0.0.1";
#$ldap_port = "389";
#$ldap_dn = "cn=Manager,dc=test,dc=local";
#$ldap_password ="mypass";
$username = "cn=". $username . "*";
$ldap_con = ldap_connect($ldap_hostname,$ldap_port);
ldap_set_option($ldap_con, LDAP_OPT_PROTOCOL_VERSION, 3);
if(ldap_bind($ldap_con, $ldap_dn, $ldap_password)){
#$filter = "(cn=Albert Einstein)";
#$result = ldap_search($ldap_con,"dc=example,dc=com",$filter) or exit("Unable to search");
$result = ldap_search($ldap_con,$ldap_search,$username) or exit("Unable to search");
$entries = ldap_get_entries($ldap_con, $result);
print "<pre>";
print_r ($entries);
print "</pre>";
} else {
echo "Invalid user/pass or other errors!";
}
ldap_close($ldap_con);
}
但是它不会返回组成员信息。
我尝试使用samaccountname,但不起作用,如何在我的openldap中为我的用户看到此值? 我使用phpldapadmin通过web管理我的openldap服务器。