dtcrw26206 2011-04-27 20:46
浏览 91
已采纳

使用Zend_Ldap查询用户的所有组

I haven't really got much to show because I'm not overly familiar with ldap (Open Directory) at all and I'm having a bit of trouble understanding how to actually query the groups of a particular user. Using Zend_Auth_Adapter_Ldap(), 

$ldap = array(
    array('host' => 'od-master.foobar.net',
        'baseDn' => 'cn=users,dc=foobar,dc=net',
        'bindRequiresDn' => true,
        'accountCanonicalForm' => 2));

$authAdapter = new Zend_Auth_Adapter_Ldap($ldap);
// Set the input credential values to authenticate against
$authAdapter->setIdentity($form->getValue('username'));
$authAdapter->setCredential($form->getValue('password'));
//etc

I have the account being authenticated, but now I need to retrieve a list of groups this user belongs to. I'm not generally one to ask for help without trying stuff first, but I can't even get to that point. Any help is greatly appreciated.

In case my question wasn't obvious: how do you query all the groups of a particular user?

===== EDIT =====

As per suggestions given, this was my latest attempt:

$attributes = array('memberOf'); //also tried member
$users = $ldapAdapter->search('cn=username', $ldapAdapter->getBaseDn(), Zend_Ldap::SEARCH_SCOPE_SUB, $attributes);
foreach ($users as $user) {
   var_dump($user);
}

I did also try to do this outside of Zend_Ldap unsuccessfully.

$attributes = array('memberOf'); //also tried member
$result = ldap_search($ldapAdapter->getResource(), $baseDn, 'cn=username', $attributes);
$info = ldap_get_entries($ldapAdapter->getResource(), $result);

Which results in an empty array. Any further direction would be greatly appreciated.

===== EDIT 2 =====

So I tried to completely remove Zend_Ldap so I can test things easier, here is what I ended up with which results in array('count' => 0) returned.

$resource = ldap_connect('od-master.foobar.net', 389);
ldap_set_option($resource, LDAP_OPT_PROTOCOL_VERSION, 3);
$bind = ldap_bind($resource, 'uid=johnc,cn=users,dc=foobar,dc=net', '***');
$result = ldap_search($resource, 'cn=users,dc=foobar,dc=net', '(cn=username)');
$info = ldap_get_entries($resource, $result);
  • 写回答

4条回答 默认 最新

  • doujie1917 2011-04-28 08:12
    关注

    You just add to make a Ldap_Search in nod cn=users,dc=foobar,dc=net with a filter like cn=username for an attribute called memberOf.

    When you write a SEARCH in LDAP you give :

    1. The DN of the nod where begin the search
    2. The attributes you want to retreive
    3. the filter ((&(cn=username))
    4. The deepness of your search and here it's subtree (not OneLevel, nor base)
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(3条)

报告相同问题?

悬赏问题

  • ¥15 oracle集群安装出bug
  • ¥15 关于#python#的问题:自动化测试
  • ¥20 问题请教!vue项目关于Nginx配置nonce安全策略的问题
  • ¥15 教务系统账号被盗号如何追溯设备
  • ¥20 delta降尺度方法,未来数据怎么降尺度
  • ¥15 c# 使用NPOI快速将datatable数据导入excel中指定sheet,要求快速高效
  • ¥15 再不同版本的系统上,TCP传输速度不一致
  • ¥15 高德地图点聚合中Marker的位置无法实时更新
  • ¥15 DIFY API Endpoint 问题。
  • ¥20 sub地址DHCP问题