Question

我开发了一个基于网络的基本应用，通过PHP使用登录系统连接到我们的Active Directory。

它针对AD进行身份验证，并将用户登录到回显其用户名的基本页面。

我真正想要的不是回显他们的用户名，而是获取他们的AD名字和姓氏或他们的显示名称。

这是我对AD进行身份验证的代码。

<?php
// Initialize session
session_start();

function authenticate($user, $password) {
    // Active Directory server
    $ldap_host = "...";

    // Active Directory DN
    $ldap_dn = "OU=...,DC=...,DC=...";

    // Active Directory user group
    $ldap_user_group = "...";

    // Active Directory manager group
    $ldap_manager_group = "...";

    // Domain, for purposes of constructing $user
    $ldap_usr_dom = "@...";

// connect to active directory
$ldap = ldap_connect($ldap_host);


// verify user and password
if($bind = @ldap_bind($ldap, $user . $ldap_usr_dom, $password)) {
    // valid
    // check presence in groups
    $filter = "(sAMAccountName=" . $user . ")";
    $attr = array("memberof");
    $result = ldap_search($ldap, $ldap_dn, $filter, $attr) or exit("Unable to search LDAP server");
    $entries = ldap_get_entries($ldap, $result);
    ldap_unbind($ldap);


    // check groups
    foreach($entries[0]['memberof'] as $grps) {
        // is manager, break loop
        if (strpos($grps, $ldap_manager_group)) { $access = 2; break; }


        // is user
        if (strpos($grps, $ldap_user_group)) $access = 1;
    }


    if ($access != 0) {
        // establish session variables
        $_SESSION['user'] = $user;
        $_SESSION['access'] = $access;
        return true;
    } else {
        // user has no rights
        return false;
    }


} else {
    // invalid name or password
    return false;
}
}
?>

非常感谢任何帮助，我对这类东西不熟悉！

Answer 1

你是如此接近答案。您只需要向要求返回的属性添加一些项目。您可以更改以下行

$attr = array("memberof");

如果您希望从目录服务器返回更多人口统计信息

，请执行以下操作

$attr = array("cn", "displayName", "givenName", "sn", "mail", "memberof");

Answer 2

感谢您的回答。我已经更新了阵列以使用这些属性 - 尽管我不确定如何将此信息拉出并显示出来。我现在得到的是......

    <?php
// Initialize session
session_start();

function authenticate($user, $password) {
    // Active Directory server
    $ldap_host = " ";

    // Active Directory DN
    $ldap_dn = " ";

    // Active Directory user group
    $ldap_user_group = " ";

    // Active Directory manager group
    $ldap_manager_group = " ";

    // Domain, for purposes of constructing $user
    $ldap_usr_dom = " ";

// connect to active directory
$ldap = ldap_connect($ldap_host);

// verify user and password
if($bind = @ldap_bind($ldap, $user . $ldap_usr_dom, $password)) {
    // valid
    // check presence in groups
    $filter = "(sAMAccountName=" . $user . ")";
    $attr = array("cn", "displayName", "givenName", "sn", "mail", "memberof");    
    $result = ldap_search($ldap, $ldap_dn, $filter, $attr) or exit("Unable to search LDAP server");
    $entries = ldap_get_entries($ldap, $result);
    $displayname = $entries[0]['displayName'];
    ldap_unbind($ldap);

    // check groups
    foreach($entries[0]['memberof'] as $grps) {
        // is manager, break loop
        if (strpos($grps, $ldap_manager_group)) { $access = 2; break; }

        // is user
        if (strpos($grps, $ldap_user_group)) $access = 1;
    }

    if ($access != 0) {
        // establish session variables
        $_SESSION['user'] = $user;
        $_SESSION['access'] = $access;
        $_SESSION['displayName'] = $displayname;
        return true;
    } else {
        // user has no rights
        echo "<script type='text/javascript'>alert('You have no access to this page.')</script>";
        return false;
    }

} else {
    // invalid name or password
        return false;

}
}
?>

Active Directory和PHP Web应用程序 - 获取显示名称等

2 个答案: