dongliao4353 2011-05-11 18:18
浏览 442
已采纳

过滤掉LDAP用户的最佳方法

I am using an LDAP - Active Directory to authenticate users for a project of mine.

I currently have 2 login pages - 1 is intended for students, the other for staff.

I have managed to write an authentication script to bind to the LDAP server - this works for all users stored on the LDAP server.

Now i want to be able to filter out students from staff, allowing only staff to login via the "staff login page".

The DN looks something like the following:

cn=USERNAME,ou=DEPT,ou=MAS,ou=LAN,o=UNI  <-- STAFF
cn=USERNAME,ou=DEPT,ou=STUDENT,ou=LAN,o=UNI <-- STUDENT

How can i go about filtering out ou=STUDENT or something to stop students from being able to login via the new Staff authentication script?

Thankyou

  • 写回答

1条回答 默认 最新

  • doushi8186 2011-05-11 18:40
    关注

    To prevent student from being able to login via the new Staff authentication script, you can just change the base of you LDAP search. In spite of searching the UPN in the whole directoryn you searche the UPN from ou=MAS,ou=LAN,o=UNI.

    With LDIFDE.EXE it would give :

    ldifde -f c:\temp\user.ldf -d "ou=MAS,ou=LAN,o=UNI" -r "(userPrincipalName=login)"

    So the search don't return anything if the user is a student.

    On absolute LDAP it exists a filter syntax called ExtensibleMatch which allow you to do that, but it does work in AD.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

  • 过滤LDAP用户最佳方法 php
    2011-05-11 18:18
    回答 1 已采纳 To prevent student from being able to login via the new Staff authentication script, you can just
  • PHP LDAPldap_search只返回少数用户 php
    2017-03-06 15:55
    回答 1 已采纳 try to play with the scope (it can be sub, one, or base), if you want all entries from child OUs,
  • PHP LDAP会话持久性 php
    2019-02-04 15:31
    回答 1 已采纳 The problem is not about LDAP, the problem is about HTTP. HTTP is a stateless protocol whereas LD
  • php操作ldap
    2022-07-31 22:00
    七&仔的博客 公司需要对接ad域,采用的是ldap协议(此处可以百度了解下,也是第一次摸索) 代码详情,查看本文>>
  • PHP LDAP绑定AD与服务器的用户帐户 php
    2014-07-30 14:11
    回答 1 已采纳 As you run it from server itself, and you just want to read I would try to use : ... if(ldap_bind
  • LDAP过滤器:仅从给定日期开始更新用户 php
    2018-04-25 18:48
    回答 1 已采纳 You would search by the whenChanged attribute. Something like this: (&(whenChanged>=2018042515
  • LDAP CHANGE PASSWORD PHP php ssl
    2018-06-06 04:04
    回答 1 已采纳 You need to be on a secured connection to modify a password (and probably other security related o
  • LDAPPHP的要点
    2020-08-17 00:31
    culi3118的博客 Ever wanted a simple way to store address book style information and network information ... 是否曾经想过一种简单的方法来将地址簿样式信息和网络信息实际上存储在任何有序信息旁边? If so, then the...
  • PHP组的LDAP成员 php windows
    2016-05-13 11:37
    回答 1 已采纳 You might want to have a look at this stack-overflow question to see how to solve it without a lib
  • PHP LDAP - 获取内部字段 php
    2016-09-29 05:54
    回答 2 已采纳 You can retrieve them using '+' as attribute-name. So you should be able to fetch them using ldap
  • 在AD LDAP中查找用户 php
    2019-03-07 09:48
    回答 1 已采纳 Your query is indeed invalid. In LDAP query syntax, a "this OR that" condition is written as (|(t
  • LDAP系列三用户权限控制
    2019-05-24 18:12
    xyy511的博客 指定被授权的用户范围的方法大致有以下几种: * 所有的访问者,包括匿名的用户 anonymous 非认证的匿名用户 users 认证的用户 self 目标记录的用户自身 dn[.]=<regex> 在指定目录内匹配正则表达式的...
  • PHP从活动目录中读取用户信息 php
    2019-08-18 17:57
    回答 1 已采纳 You have to decide which accounts you want to read. Using the filter (cn=*), you are telling AD to
  • LDAP安全防护说明
    2021-06-01 22:57
    securitysun的博客 LDAP过滤器的结构和使用得最广泛的LDAP:ADAM和OpenLDAP 1、服务端对输入内容的合法性进行验证,检查提交的数据是否包含特殊字符,对特殊字符进行编码转换。 2、对于系统出现的错误信息,使用统一的错误页面,...
  • 在Windows和UNIX下利用PHPLDAP进行身份验证
    2019-06-24 16:27
    weixin_33875564的博客 我现在的老板曾要求我为企业内部的Web服务提供一种标准的身份...我认为解决现在的UNIX/Windows问题的最好方法就是利用PHPLDAP特性。由于LDAP,要求我使用现有的系统,主要指的是一个巨大的 Microsoft Exchange ...
  • 没有解决我的问题, 去提问

悬赏问题

  • ¥20 测距传感器数据手册i2c
  • ¥15 RPA正常跑,cmd输入cookies跑不出来
  • ¥15 求帮我调试一下freefem代码
  • ¥15 matlab代码解决,怎么运行
  • ¥15 R语言Rstudio突然无法启动
  • ¥15 关于#matlab#的问题:提取2个图像的变量作为另外一个图像像元的移动量,计算新的位置创建新的图像并提取第二个图像的变量到新的图像
  • ¥15 改算法,照着压缩包里边,参考其他代码封装的格式 写到main函数里
  • ¥15 用windows做服务的同志有吗
  • ¥60 求一个简单的网页(标签-安全|关键词-上传)
  • ¥35 lstm时间序列共享单车预测,loss值优化,参数优化算法