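I have an AD forest with multiple domains. There is one parent domain, and the other domains are child domains. The trust relationships are two-way. I want to fetch user data from AD. I connect to the root domain controller and perform a bind with a service account that resides in one of the child domains. I am able to do this successfully. When I try to search for a user in AD, I get an operations error, with no detail about what caused the error.
My code: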
$ldap_server_url = "<LDAP Server URL>";
$ldap_bind_dn = "<Service Account Credentials>";
$ldap_bind_dn_password = "<Service Account Password>";
$ldap_search_base = "dc=parentdomain,dc=com";
$ldapconn = ldap_connect($ldap_server_url);
if (version_compare(PHP_VERSION, '5.3.0') >= 0) {
    ldap_set_option(null, LDAP_OPT_NETWORK_TIMEOUT, 5);
}
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
$ldap_bind = @ldap_bind($ldapconn, $ldap_bind_dn, $ldap_bind_password);
$attrs = array("ou", "sn", "givenname", "mail");
if ($ldap_bind) {
    $search_filter = "(&(objectClass=*)(cn=myuser))";
    $search_result = ldap_search($ldapconn, $ldap_search_base, $search_filter, $attrs);
    echo ldap_errno($ldapconn);
    echo ldap_error($ldapconn);
}
Is this related to permissions?
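
The code above assigns the password to `$ldap_bind_dn_password` but passes `$ldap_bind_password` to `ldap_bind()`. An undefined variable becomes an empty password, and a simple bind with an empty password can be accepted by AD as an anonymous bind, after which searches fail with an operations error. The following is an added example, not the poster's code, that refuses an empty password and reads the server's diagnostic text; the function names `ad_find_user` and `ad_diag` are hypothetical, and it assumes PHP 5.6 or later with the ldap extension.

```php
<?php
// Added example, not part of the original post.

// Combine the numeric error, its text, and the server-side diagnostic string.
function ad_diag($conn)
{
    $detail = '';
    ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
    return sprintf('[%d] %s %s', ldap_errno($conn), ldap_error($conn), $detail);
}

// Bind as the service account and look a user up by cn.
function ad_find_user($url, $bindDn, $password, $base, $cn, array $attrs)
{
    // An empty password turns a simple bind into an unauthenticated bind,
    // so refuse it instead of letting a typo silently downgrade the session.
    if (!is_string($password) || $password === '') {
        throw new InvalidArgumentException('Refusing to bind with an empty password');
    }

    $conn = ldap_connect($url);
    if ($conn === false) {
        throw new RuntimeException('Invalid LDAP URL');
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 5);

    // No @ here: suppressing warnings hides the reason a bind fails.
    if (!ldap_bind($conn, $bindDn, $password)) {
        throw new RuntimeException('Bind failed: ' . ad_diag($conn));
    }

    // Escape the value so user-supplied input cannot alter the filter.
    $filter = '(&(objectClass=*)(cn=' . ldap_escape($cn, '', LDAP_ESCAPE_FILTER) . '))';
    $result = ldap_search($conn, $base, $filter, $attrs);
    if ($result === false) {
        throw new RuntimeException('Search failed: ' . ad_diag($conn));
    }
    return ldap_get_entries($conn, $result);
}
```

With referral chasing disabled, a search on port 389 of the root domain controller returns only objects in the parent domain's own partition; the Global Catalog port 3268 is the one that covers child domains.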