douzhi1937 2014-08-26 12:34
浏览 32
已采纳

在AD中搜索用户

What is the best LDAP filter to search for users in Active Directory? In my example filters I also exclude disabled accounts and accounts without email addresses.

Consider searching for the following name: "firname middlename lastname". My code parses this name as the following:

$name = "firstname middlename lastname";
$nameArray = explode(" ", $name);
$fullName = $name;
$firsName = $nameArray[0];
$lastName = $nameArray[count($nameArray)-1];

This filter works great if you only search for "firstname lastname" or "firstname middlename lastname", but dont work if you search for "firstname middlename":

(&(!(userAccountControl:1.2.840.113556.1.4.803:=2))(mail=*)(givenname=$firstName*)(sn=$lastName*))

This filter works as intended but is painfully slow:

(&(!(userAccountControl:1.2.840.113556.1.4.803:=2))(mail=*)(|(&(givenname=$firstName*)(sn=$lastName*))(displayName=*$fullName*)))

The displayName holds off course the full name, but is formatted "lastname firstname middlename". In a perfect world, people would have 0 or 1 middle names, or only one lastname, but off course they can have more than that.

Any suggestions how to make a good (fast) search filter?

  • 写回答

1条回答 默认 最新

  • dqaxw44567 2014-08-26 19:37
    关注

    When doing Active Directory searches via LDAP, AD looks at your search query and starts selecting items from the database from the leftmost filter. In your queries, you first select all non-disabled accounts and only afterwards you look for the values you got from the user.

    My suggestion is to build the search query so that you start with the most accurate information you got from your user, i.e.:
    User entered: Robert ross -> your query would start with (givenName=$gn*).

    In other words, the first condition should be the one that is most restrictive, meaning there will be less objects which will meet the criteria.

    Also, you can limit the amount of objects returned from the server to a smaller number than the default (usually 1000) and only ask for more results when the user demands them. Also, sorting is quite expensive for the AD server so if you really need to sort, consider sorting with PHP.

    For a very detailed reading on optimising AD search operations, refer to Microsoft's MSDN page dedicated to this topic.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

  • AD搜索用户 php
    2014-08-26 12:34
    回答 1 已采纳 When doing Active Directory searches via LDAP, AD looks at your search query and starts selecting
  • AD LDAP查找用户 php
    2019-03-07 09:48
    回答 1 已采纳 Your query is indeed invalid. In LDAP query syntax, a "this OR that" condition is written as (|(t
  • PHP获取Azure AD用户角色 azure php
    2017-02-07 09:31
    回答 1 已采纳 Generally speaking, you can leverage Microsoft Graph REST APIs yo achieve your requirement. Firs
  • AD PHP Directory-开源
    2021-04-24 11:28
    使用PHP的Active Directory搜索。 旨在用作用户目录搜索实用程序。 从网络搜索指定OU的任何AD用户。 由一个PHP文件组成,该文件在搜索时会自行调用。
  • PHP cURL使用Windows AD Cert Auth证书 php ssl
    2016-02-09 14:08
    回答 1 已采纳 For completeness sake, I thought I would answer this with what I found out. There was a few diffe
  • adldap类,需要在两组搜索用户 php
    2010-04-02 15:21
    回答 1 已采纳 <?php $groups = array("FACULTY","STAFF"); if(isset($_SESSION['user_session'])) { $username
  • AD的DC电源接口 51单片机
    2022-05-08 22:25
    回答 2 已采纳 只一个符号而已,重要的是实物什么?几个脚,脚的粗细,间距所以先确定一个问题,实物到底是用什么电源,什么插头,要用什么开关控制 比如,如果是家用交流三角插座,你丢个3P的header3都行
  • CTFPHP特性
    2021-02-26 09:34
    Skn1fe的博客 本文以ctf.show网站题目为例,总结ctfphp特性 正则表达式 元字符 模式修正符 preg_match() 数组绕过 preg_match()只能处理字符串,当传入的subject是数组时会返回false if(preg_match("/[0-9]/
  • PHP LDAP绑定AD与服务器的用户帐户 php
    2014-07-30 14:11
    回答 1 已采纳 As you run it from server itself, and you just want to read I would try to use : ... if(ldap_bind
  • 如何使用Samba4 AD用户PHP网站进行身份验证 php
    2015-07-12 19:31
    回答 1 已采纳 I did this looong time ago with samba3 and PHP4. Sorry but I can't give you details right now but
  • AD10Properties在哪 pcb工艺 硬件工程
    2023-03-22 21:16
    回答 1 已采纳 在 Altium Designer ,Properties 对话框显示的是当前选对象的属性。如果您选择的是一个矩形(Rectangle)对象,那么 Properties 对话框就会显示矩形的属性
  • php ldap 查找,php – LDAP过滤器 – 查找特定OU的所有用户
    2021-03-24 00:40
    虾仁芝麻卷的博客 我在使用LDAP搜索过滤器时遇到问题.我需要检索的是特定LDAP组的所有用户,即OU = Staff,OU = Users,OU = Accounts,DC = test,DC = local我的搜索是:(&(objectCategory=user)(OU=Staff,OU=Users,OU=Accounts,DC=...
  • 使用PHP更新AD密码问题 php
    2015-03-18 06:31
    回答 1 已采纳 It worked out that this wasn't a issue with my code. I had to setup certificate authority on my se
  • 关于samba服务加入AD用户验证和权限管理
    2020-09-25 17:23
    我会扫堂腿的博客 关于samba服务加入AD用户验证和权限管理 1、环境:centos7 (1)安装samba服务和相关的软件包:samba, krb5-user, samba-client samba-common samba-winbind samba-winbind-clients 2、编辑配置文件 (1)resolv.conf ...
  • PHP学习线路图
    2018-09-19 19:33
    hixiaoyang的博客 PHP学习线路图 PHP教程 PHP教程 PHP简介 PHP环境设置 PHP语法概述 PHP变量类型 PHP常量类型 PHP运算符类型 PHP 条件语句 PHP循环语句 PHP数组 PHP字符串操作 PHP Web概念 PHP的GET...
  • 没有解决我的问题, 去提问

悬赏问题

  • ¥20 mysql架构,按照姓名分表
  • ¥15 MATLAB实现区间[a,b]上的Gauss-Legendre积分
  • ¥15 Macbookpro 连接热点正常上网,连接不了Wi-Fi。
  • ¥15 delphi webbrowser组件网页下拉菜单自动选择问题
  • ¥15 linux驱动,linux应用,多线程
  • ¥20 我要一个分身加定位两个功能的安卓app
  • ¥15 基于FOC驱动器,如何实现卡丁车下坡无阻力的遛坡的效果
  • ¥15 IAR程序莫名变量多重定义
  • ¥15 (标签-UDP|关键词-client)
  • ¥15 关于库卡officelite无法与虚拟机通讯的问题