Question

我正在尝试查询Active Directory以获取给定的用户组成员资格。当我搜索特定用户的OU时，搜索工作正常。当我尝试搜索整个目录时，结果为空。由于我有许多用户OU，因此特定用户OU可能会有所不同。

系统是带有PHP + Apache的CentOS 6.4。

以下是代码：

$ldap_dn = "dc=ccc,dc=bbb,dc=aaa,dc=com";

// Active Directory user for querying
$query_user = "ldap_bind@ccc.bbb.aaa.com";
$password = "xxxx";

// Connect to AD
$ldap = ldap_connect($ldap_host, 389) or die("Could not connect to LDAP");
ldap_bind($ldap,$query_user,$password) or die("Could not bind to LDAP");
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

// Search AD
$results = ldap_search($ldap,$ldap_dn,"(sAMAccountName=$user)",array("memberof","primarygroupid"));
$entries = ldap_get_entries($ldap, $results);
if($entries['count'] == 0) {
    echo "No results\n";
    return false;
}

有没有人见过类似的结果？我错过了什么或任何配置来支持这种搜索吗？

Answer 1

正确的代码问题......

$ldap_dn = "dc=ccc,dc=bbb,dc=aaa,dc=com";

// Active Directory user for querying
$query_user = "ldap_bind@ccc.bbb.aaa.com";
$password = "xxxx";

// Connect to AD
$ldap = ldap_connect($ldap_host, 389) or die("Could not connect to LDAP");

->>> bfore ldap_bind<<<- ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
->>> bfore ldap_bind<<<- ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

ldap_bind($ldap,$query_user,$password) or die("Could not bind to LDAP");


// Search AD
$results = ldap_search($ldap,$ldap_dn,"(sAMAccountName=$user)",array("memberof","primarygroupid"));
$entries = ldap_get_entries($ldap, $results);
if($entries['count'] == 0) {
    echo "No results\n";
    return false;
}

Active Directory根DN中的php ldap_search - 空结果

1 个答案: