dqo88037 2019-08-18 17:57

Reading user information from Active Directory with PHP

I have to read some general information about a user, like name, last name, email, department, etc., from an Active Directory with a PHP script.

This is my code:

    define('DOMAIN_FQDN', 'domain.ltd');
    define('LDAP_SERVER', '192.168.30.1');

    $user = strip_tags($_POST['username']) .'@'. DOMAIN_FQDN;
    $pass = stripslashes($_POST['password']);
    $conn = ldap_connect("ldap://". LDAP_SERVER ."/");

    if (!$conn){
        $err = 'Could not connect to LDAP server';
    }else{
        //define('LDAP_OPT_DIAGNOSTIC_MESSAGE', 0x0032);

        ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

        $bind = @ldap_bind($conn, $user, $pass);

        ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $extended_error);

        if ($bind){
            //$base_dn = array("CN=Users,DC=". join(',DC=', explode('.', DOMAIN_FQDN)), "OU=Users,OU=People,DC=". join(',DC=', explode('.', DOMAIN_FQDN)));
            $base_dn = array("DC=". join(',DC=', explode('.', DOMAIN_FQDN)), "OU=*,DC=". join(',DC=', explode('.', DOMAIN_FQDN)));
            $result = ldap_search(array($conn,$conn), $base_dn, "(cn=*)");
            if (!count($result)){
                $err = 'Unable to login: '. ldap_error($conn);
            }else{
                foreach ($result as $res){
                    $info = ldap_get_entries($conn, $res);
                    print_r($info);
                }
            }
        }
    }

This code, print_r($info);, returns an array with a lot of data, which means my connection is working well.

But there isn't anything about the user.

I need to get the currently logged-in user's data.

Is this wrong, or must I put some more options on it?

The user data in Active Directory:


1 answer

  • dongqiuge5435 2019-08-19 19:00

    You have to decide which accounts you want to read. Using the filter (cn=*), you are telling AD to give you every object where the cn attribute has a value. That will match almost every AD object in your domain, including computers, which I don't think you want.

    If you want to find all users on the domain, you can use this:

    (objectClass=user)
    

    If you want to find one specific user, the query will depend on what identifier you have for that user. For example, if you know their username (let's say "PeimanF"), then the query would look like this:

    (&(objectClass=user)(sAMAccountName=PeimanF))
    
    This answer was selected as the best answer by the asker.
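
An added example, not part of the original question or answer: the accepted answer's single-user filter applied to the question's script, with the username passed through ldap_escape() so form input cannot change the filter, and only the needed attributes requested. The function names, the attribute list and the sample entry are assumptions; DOMAIN_FQDN and LDAP_SERVER are the question's values.

```php
<?php
// Added example; helper names and the attribute list are assumptions.
const DOMAIN_FQDN = 'domain.ltd';      // value from the question
const LDAP_SERVER = '192.168.30.1';    // value from the question
const WANTED = ['givenname', 'sn', 'mail', 'department'];

function userFilter(string $username): string {
    // LDAP_ESCAPE_FILTER encodes * ( ) \ and NUL, so input stays a literal value.
    $safe = ldap_escape($username, '', LDAP_ESCAPE_FILTER);
    return "(&(objectClass=user)(sAMAccountName=$safe))";
}

function flattenEntry(array $entries): ?array {
    // Require exactly one match; ldap_get_entries() lowercases attribute names.
    if (($entries['count'] ?? 0) !== 1) {
        return null;
    }
    $out = [];
    foreach (WANTED as $attr) {
        $out[$attr] = $entries[0][$attr][0] ?? null;
    }
    return $out;
}

function lookupUser(string $username, string $password): ?array {
    // An empty password makes a simple bind unauthenticated, which a server may accept.
    if ($password === '' || !($conn = ldap_connect('ldap://' . LDAP_SERVER . '/'))) {
        return null;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    if (!@ldap_bind($conn, $username . '@' . DOMAIN_FQDN, $password)) {
        return null;
    }
    $baseDn = 'DC=' . implode(',DC=', explode('.', DOMAIN_FQDN));
    $res = ldap_search($conn, $baseDn, userFilter($username), WANTED);
    $entries = $res ? ldap_get_entries($conn, $res) : false;
    return $entries ? flattenEntry($entries) : null;
}

// Offline demo on constructed data (not real directory output).
$sample = ['count' => 1, 0 => [
    'givenname' => ['count' => 1, 0 => 'Example'],
    'mail'      => ['count' => 1, 0 => 'example.user@domain.ltd'],
]];
echo userFilter('PeimanF'), PHP_EOL;       // the answer's filter
echo userFilter('Peiman*(F)'), PHP_EOL;    // metacharacters come out hex-escaped
print_r(flattenEntry($sample));            // attributes missing from the entry become null
```

The question's ldap:// URI sends the bind password unencrypted; ldaps:// or ldap_start_tls() avoids that where the domain controller has a certificate.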
