首先,我想指出我的PHP / LDAP技能非常低,所以我正在寻找sudo天才来帮助我解决此问题。 该公司最近与另一家公司合并,因此希望我们允许我们的用户针对我们拥有林信任的另一个Active Directory域中的PHP Web应用程序进行身份验证。 下面是我为LDAP连接提供的代码,以前是PHP天才的那个人现在已经离开公司,这已经归我所有了。但是,该代码无法正常工作。存储PHP应用程序的域中的用户可以正确访问。
<?php
$browser_shortname = explode('\\', $_SERVER['AUTH_USER']);
// Generate the global LDAP connection to the specificed primary server.
$ldap_connection = ldap_connect($ldap_protocol.$ldap_primaryhost) or die( header('Location: /error/?e=LD01'));
ldap_set_option($ldap_connection, LDAP_OPT_PROTOCOL_VERSION, $ldap_protocolversion);
ldap_set_option($ldap_connection, LDAP_OPT_REFERRALS, $ldap_referrals);
if ($ldap_tls == 1) {
ldap_start_tls($ldap_connection);
}
if ($ldap_debug == 1) {
ldap_set_option($ldap_connection, LDAP_OPT_DEBUG_LEVEL, 7);
}
$ldap_binding = ldap_bind($ldap_connection, $ldap_domain.'\\'.$ldap_username, $ldap_password);
if (!$ldap_binding) {
include ('/core/styles/'.$theme_selected.'/templates/101.tpl');
die();
}
$ldapus_filter = "(sAMAccountName=$browser_shortname[1])";
$ldapus_result = ldap_search($ldap_connection, $ldap_dn, $ldapus_filter);
$ldapus_details = ldap_get_entries($ldap_connection, $ldapus_result);
if ($browser_shortname[0] == "MY-DOMAIN") {
$ldap_khaconnection = ldap_connect($ldap_protocol.$ldap_khahost) or die( header('Location: /error/?e=LD01'));
ldap_set_option($ldap_khaconnection, LDAP_OPT_PROTOCOL_VERSION, $ldap_protocolversion);
ldap_set_option($ldap_khaconnection, LDAP_OPT_REFERRALS, $ldap_referrals);
$ldapus_filter = "(sAMAccountName=$browser_shortname[1])";
$ldapus_result = ldap_search($ldap_khaconnection, $ldap_khadn, $ldapus_filter);
$ldapus_details = ldap_get_entries($ldap_khaconnection, $ldapus_result);
echo "This confirms the user is coming from KHA.";
echo $browser_shortname[1];
}
$ldap_userfullname = $ldapus_details[0]["displayname"][0];
$ldap_userfirstname = $ldapus_details[0]["givenname"][0];
$ldap_usertitle = $ldapus_details[0]["title"][0];
$ldap_accountname = $ldapus_details[0]["samaccountname"][0];
?>