2016-02-01 21:03
浏览 217

使用samaccountname修改AD LDAP对象

I have a php script which works but I need to change it to use an AD account (samaccountname) instead of CN in this sample;


$base_dn="CN=Peter Parker,OU=Subcontainer,OU=Subcontainer,OU=Container,
$ldapconn = ldap_connect("host.domain.com") or die("Could not connect to LDAP server.");

if ($ldapconn)
    $ldapbind = ldap_bind($ldapconn, $ldapusername, $ldappassword);

    if ($ldapbind)
        echo "LDAP bind successful ...";
        echo "LDAP bind failed ...";


The intention is to modify the ipphone object for users in AD, but I can't use CN because this input is not unique enough for the task. If the CN in the account's base DN is the descriptive name of the user, am I out of luck?

图片转代码服务由CSDN问答提供 功能建议

我有一个PHP脚本可以工作,但我需要将其更改为使用AD帐户(samaccountname)而不是CN 在此示例中;

 $ base_dn =“CN = Peter Parker,OU = Subcontainer,OU = Subcontainer,OU = Container,
DC =  domain,DC = com“; 
 $ ldapconn = ldap_connect(”host.domain.com“)或die(”无法连接到LDAP服务器。“); 
if($ ldapconn)
 $  ldapbind = ldap_bind($ ldapconn,$ ldapusername,$ ldappassword); 
 if if($ ldapbind)
 echo“LDAP bind successful ...”; 
 echo  “LDAP绑定失败...”; 
 $ newinfo ['ipphone'] =“555”; 
ldap_modify($ ldapconn,$ base_dn,$ newinfo); 
?&gt; \  n   

目的是修改AD中用户的ipphone对象,但我不能使用CN,因为此输入对于任务来说不够独特。 如果帐户的基本DN中的CN是用户的描述性名称,我运气不好吗?

  • 写回答
  • 好问题 提建议
  • 追加酬金
  • 关注问题
  • 邀请回答

1条回答 默认 最新

  • dpdhnd3577 2016-02-02 14:14

    You have to give ldap_modify the distinguished name (DN) of the account you want to change. There is no way around that.

    If you start out only knowing the sAMAccountName, then you can search the domain for the account first, then grab the distinguishedName attribute from the results.

    To search, use ldap_search using the filter "(sAMAccountName=username)"

    解决 无用
    打赏 举报

相关推荐 更多相似问题