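I want to log in to my system using LDAP. Currently, I can log in to the system with an AD account. The problem is that my system has two types of users (admins, who can read and write, and normal users, who can only read). Can I combine the two CNs (for admins and normal users) in one PHP file? So when an admin logs in, they are taken to their HomeScreen.php, while normal users are taken to HomeScreen2.php.

Is this actually possible? And can someone help me solve this some other way? Thanks.

What I mean is the following: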
```php
$ldaptree = "CN=@IT,OU=Groups,OU=mcompany,DC=mcompany2,DC=local";
$ldaptree2 = "CN=@BG,OU=Groups,OU=mcompany,DC=mcompany2,DC=local";
$domain = '@mcompany3.local';

// connect
$ldapconn = ldap_connect($ldapserver, $ldapport) or die("Could not connect to LDAP server.");

// Set some ldap options for talking to
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);

if ($ldapconn) {
    $ldapbind = @ldap_bind($ldapconn, $ldapuser.$domain, $ldappass) or die("<b><center><font color='red'>WARNING!<br> The username or password you entered is incorrect");

    // verify binding
    if ($ldapbind) {
        $result = @ldap_search($ldapconn, $ldaptree, ('cn=*')) or die("<b><center><font color='red'>Please enter username & password");
        echo "<b><center><font color='yellow'>LOGIN SUCCESSFUL <br> $ldapuser is authenticated.\n";
        header('Location: HomeScreen.php');
    }
    else {
        $result2 = @ldap_search($ldapconn, $ldaptree2, ('cn=*')) or die("<b><center><font color='red'>Please enter username & password");
        echo "<b><center><font color='blue'>LOGIN SUCCESSFUL <br> $ldapuser is authenticated.\n";
        header('Location: HomeScreenr.php');
    }
} else {
    echo "LDAP bind failed...\n";
}
```
This is the LDAP code I have written so far (not including the login form):
```php
set_time_limit(30);
error_reporting(E_ALL);
ini_set('error_reporting', E_ALL);
ini_set('display_errors', 1);

///config
$ldapserver = "server.name";
$ldapport = 389;
$base_dn = "DC=xyz,DC=local";
$ldapuser = isset($_POST['username']) ? $_POST['username'] : '';
$ldappass = isset($_POST['password']) ? $_POST['password'] : '';
$ldaptree = "CN=ITInfra,OU=Groups,OU=MYABC,DC=xyz,DC=local";
$domain = '@abcd.local';

// connect
$ldapconn = ldap_connect($ldapserver, $ldapport) or die("Could not connect to LDAP server.");

// Set some ldap options for talking to
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);

if ($ldapconn) {
    // binding to ldap server
    //$ldapbind = @ldap_bind($ldapconn, $ldapuser.$domain, $ldappass) or die ("<b><center><font color='red'>WARNING! : ".ldap_error($ldapconn));
    $ldapbind = @ldap_bind($ldapconn, $ldapuser.$domain, $ldappass) or die("<b><center><font color='red'>WARNING!<br> The username or password you entered is incorrect");

    // verify binding
    if ($ldapbind) {
        $result = @ldap_search($ldapconn, $ldaptree, "(ou=*)") or die("<b><center><font color='red'>Please enter username & password");
        echo "<b><center><font color='blue'> Congratulations! $ldapuser is authenticated.\n";
        header('Location: HomeScreen.php');
    } else {
        echo "LDAP bind failed...\n";
    }
}

// all done? clean up
ldap_close($ldapconn);
```
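
A successful bind only proves the password is correct, and searching a group DN with `cn=*` finds the group no matter who logged in, so the role has to come from the user's own `memberOf` attribute. The following is an added example, not part of the original post: it reuses the two group DNs from the question and assumes the login name is the sAMAccountName, the server supports StartTLS, and `server.name`, `DC=mcompany2,DC=local` and `@mcompany3.local` are placeholders; `landingPage()` and `ldapLogin()` are hypothetical names.

```php
<?php
// Added example (not the poster's code). Group DNs are taken from the question;
// host, base DN and UPN suffix are placeholders/assumptions.
const ADMIN_GROUP = 'CN=@IT,OU=Groups,OU=mcompany,DC=mcompany2,DC=local';
const USER_GROUP  = 'CN=@BG,OU=Groups,OU=mcompany,DC=mcompany2,DC=local';

// Pure decision: map the user's memberOf values to a landing page (null = no access).
function landingPage(array $memberOf): ?string
{
    $groups = array_map('strtolower', $memberOf);   // DNs compare case-insensitively
    if (in_array(strtolower(ADMIN_GROUP), $groups, true)) return 'HomeScreen.php';
    if (in_array(strtolower(USER_GROUP), $groups, true))  return 'HomeScreen2.php';
    return null;
}

// Bind as the user, then read that user's own memberOf attribute.
function ldapLogin(string $user, string $pass): ?string
{
    // A bind with an empty password is treated as anonymous and can report success.
    if ($user === '' || $pass === '') return null;
    $conn = ldap_connect('ldap://server.name:389');              // placeholder host
    if ($conn === false) return null;
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    if (!@ldap_start_tls($conn)) return null;                    // never send the password in clear text
    if (!@ldap_bind($conn, $user . '@mcompany3.local', $pass)) return null;
    // Escape the login name so it cannot alter the search filter.
    $filter  = '(sAMAccountName=' . ldap_escape($user, '', LDAP_ESCAPE_FILTER) . ')';
    $res     = @ldap_search($conn, 'DC=mcompany2,DC=local', $filter, ['memberOf']);
    $entries = $res ? ldap_get_entries($conn, $res) : ['count' => 0];
    ldap_unbind($conn);
    if ($entries['count'] !== 1 || !isset($entries[0]['memberof'])) return null;
    $memberOf = $entries[0]['memberof'];                         // attribute names come back lower-cased
    unset($memberOf['count']);
    return landingPage($memberOf);
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $page = ldapLogin((string) filter_input(INPUT_POST, 'username'),
                      (string) filter_input(INPUT_POST, 'password'));
    if ($page === null) { http_response_code(403); exit('Login failed'); }
    header('Location: ' . $page);   // header() must run before any output is echoed
    exit;
}
```

`memberOf` lists only direct memberships; for nested groups, Active Directory's LDAP_MATCHING_RULE_IN_CHAIN filter (OID 1.2.840.113556.1.4.1941) can be used instead. The target pages still need their own session check, since a redirect alone does not stop a normal user from requesting HomeScreen.php directly.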