我正在尝试查询Active Directory以获取给定的用户组成员资格。 当我搜索特定用户的OU时,搜索工作正常。 当我尝试搜索整个目录时,结果为空。 由于我有许多用户OU,因此特定用户OU可能会有所不同。
系统是带有PHP + Apache的CentOS 6.4。
以下是代码:
$ldap_dn = "dc=ccc,dc=bbb,dc=aaa,dc=com";
// Active Directory user for querying
$query_user = "ldap_bind@ccc.bbb.aaa.com";
$password = "xxxx";
// Connect to AD
$ldap = ldap_connect($ldap_host, 389) or die("Could not connect to LDAP");
ldap_bind($ldap,$query_user,$password) or die("Could not bind to LDAP");
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
// Search AD
$results = ldap_search($ldap,$ldap_dn,"(sAMAccountName=$user)",array("memberof","primarygroupid"));
$entries = ldap_get_entries($ldap, $results);
if($entries['count'] == 0) {
echo "No results\n";
return false;
}
有没有人见过类似的结果?我错过了什么或任何配置来支持这种搜索吗?
答案 0 :(得分:3)
正确的代码问题......
$ldap_dn = "dc=ccc,dc=bbb,dc=aaa,dc=com";
// Active Directory user for querying
$query_user = "ldap_bind@ccc.bbb.aaa.com";
$password = "xxxx";
// Connect to AD
$ldap = ldap_connect($ldap_host, 389) or die("Could not connect to LDAP");
->>> bfore ldap_bind<<<- ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
->>> bfore ldap_bind<<<- ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
ldap_bind($ldap,$query_user,$password) or die("Could not bind to LDAP");
// Search AD
$results = ldap_search($ldap,$ldap_dn,"(sAMAccountName=$user)",array("memberof","primarygroupid"));
$entries = ldap_get_entries($ldap, $results);
if($entries['count'] == 0) {
echo "No results\n";
return false;
}