我想查询AD以使用LDAP获取特定用户信息。目前,我不得不使用LDAP进行子搜索,以缩小从初始搜索返回的用户列表。
有没有办法查询AD以仅使用用户名和密码登录的用户,以便结果集中没有完整的用户数组?
目前我有:
public function authenticate_user($user, $pass)
{
$this->user = $user;
try
{
$this->userConn = ldap_connect($this->domain);
}
catch (Exception $e)
{
echo '<pre>';
echo "Can't connect to ActiveDirectory: " . $e->GetMessage();
echo '</pre>';
exit;
}
ldap_set_option( $this->userConn, LDAP_OPT_PROTOCOL_VERSION, 3 ); // Recommended for AD
ldap_set_option( $this->userConn, LDAP_OPT_REFERRALS, 0 );
try
{
ldap_bind($this->userConn, $user . $this->account_suffix, $pass);
$this->userBinding = ldap_read($this->userConn, $this->base_dn, '(OU="Domain Users")');
}
catch (Exception $e)
{
return $e->GetMessage();
}
return 'Authenticated';
}
public function get_user_info()
{
$sn = substr($this->user, 1, strlen($this->user));
try
{
$result = ldap_search($this->userConn, $this->base_dn, "CN=Domain Admins");
}
catch (Exception $e)
{
return "Can't find users ldap_search " . $e->GetMessage();
}
if (isSet($result))
{
$member_list = ldap_get_entries($this->userConn, $result);
if (isSet($member_list) && is_array($member_list))
{
// return $member_list;
$member_details = $this->get_members($member_list);
}
else
{
ldap_close($this->userConn);
return FALSE;
}
ldap_close($this->userConn);
return $member_details;
}
else
{
ldap_close($this->userConn);
return FALSE;
}
}
我想避免必须返回一个用户数组,然后在PHP中遍历数组并执行另一个ldap_search。有什么建议吗?
答案 0 :(得分:0)
在稍微调试代码之后,我发现将ldap_search中的function get_user_info()从$result = ldap_search($this->userConn, $this->base_dn, "CN=Domain Admins");更改为$result = ldap_search($this->userConn, $this->base_dn, "mail=" . $email);其中$email是使用的登录名。