doujiao8649 2019-03-07 09:48
浏览 212
已采纳

在AD LDAP中查找用户

Good time of the day, i've came across the problem of building the filter for LDAP.

Few notes before the actual question:

Фамилия = Family Name (will be presented as FamilyName)  
Имя = Name (will be presented as Name)  
Отчество = Patronymic (will be presented as Patronymic)

I have a user with the following information in the AD:

CN=Фамилия Имя Отчество
sn=FamilyName
givenname=Name

I want to provide the following functionality:

  1. User can either enter theName FamilyName in the field on the website, this will result in the array of 2 filters for Name FamilyName and FamilyName Name'
  2. User can enter Имя Фамилия and the search should switch from (&(sn=)(givenname=)) to (cn=)

Currently i have the following piece of code to accomplish the first option:

    /**
     * Generate search terms
     * @param string $query
     * @return LDAPSearcher
     */
    protected function generateSearchTerms(string $query) : self {
        $this->searchTerms = [];
        $explode = explode(' ', $query);
        $combinations = [];
        array_combinations($explode, $combinations);

        foreach($combinations as $index => $combination) {
            if (false !== strpos($combination, ' ')) {
                [$firstName, $lastName] = explode(' ', $combination);
                $this->searchTerms[] = [
                    'sn'        =>  $lastName,
                    'cn'        =>  $combination,
                    'givenname' =>  $firstName,
                    'filter'    =>  '(&(sn=' . $firstName . ')(givenname=' . $lastName . '))'
                ];
            }
        }

        return $this;
    }

And it works just fine when user using the Latin representation of his/her First and Last names, but when i want to switch to using CN, i have no idea on how to do it.
I've tried the following piece of code for the filter, however it shows that filter is incorrect:
((&(sn=' . $firstName . ')(givenname=' . $lastName . '))|(cn=' . $combination . '*))

Any help is really appreciated!

P.S. it DOES NOT matter which variables i assing to SN or GivenName, since the combinations will match the correct user anyways, i'm running at most 3 searches for each user to ensure that the correct one is found (just to eliminate possibility of answers with assigning correct values to variables)

P.P.S. Combinations are generated using the following piece of code

if (! function_exists('array_combinations')) {

    function array_combinations(array $source, array &$target, ?string $tempString = null) {
        if ($tempString !== null) {
            $target[] = $tempString;
        }
        $size = \count($source);
        for ($i = 0; $i < $size; $i++) {
            $copy = $source;
            $element = array_splice($copy, $i, 1);
            $tmp = null;
            if ($tempString !== null) {
                $tmp = $tempString . ' ' . $element[0];
            } else {
                $tmp = $element[0];
            }
            if (\count($copy) > 0) {
                array_combinations($copy, $target, $tmp);
            } else {
                $target[] = $tmp;
            }
        }

    }

}
  • 写回答

1条回答 默认 最新

  • dqm88684 2019-03-07 14:51
    关注

    Your query is indeed invalid.

    In LDAP query syntax, a "this OR that" condition is written as (|(this)(that)). But you have put the | between your conditions. It needs to be at the front. It should look something like this:

    (|(&(sn=' . $firstName . ')(givenname=' . $lastName . '))(cn=' . $combination . '*))
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 #MATLAB仿真#车辆换道路径规划
  • ¥15 java 操作 elasticsearch 8.1 实现 索引的重建
  • ¥15 数据可视化Python
  • ¥15 要给毕业设计添加扫码登录的功能!!有偿
  • ¥15 kafka 分区副本增加会导致消息丢失或者不可用吗?
  • ¥15 微信公众号自制会员卡没有收款渠道啊
  • ¥100 Jenkins自动化部署—悬赏100元
  • ¥15 关于#python#的问题:求帮写python代码
  • ¥20 MATLAB画图图形出现上下震荡的线条
  • ¥15 关于#windows#的问题:怎么用WIN 11系统的电脑 克隆WIN NT3.51-4.0系统的硬盘