dti3914 2016-12-13 13:43

too long

I'm trying to use ldap_search to check if a user exists in an AD database.

This is my code to connect:

$ldapconn = ldap_connect("10.0.0.230");
$clave = "XXX";        // bind password
$searchUser = "YYY";   // bind user
$ldap_success = false;
if (ldap_bind($ldapconn, $searchUser, $clave)) {
    $attributes = ['cn'];
    // The user-supplied name is escaped before it goes into the filter
    $filter = "(&(objectClass=user)(objectCategory=person)(userPrincipalName=".ldap_escape($post_send['username'], null, LDAP_ESCAPE_FILTER)."))";
    $baseDn = "DC=redcne,DC=cne,DC=cl";
    $results = ldap_search($ldapconn, $baseDn, $filter, $attributes);
    var_dump($results);
    print_r($results);
    exit(0);
}

But $results always returns false. So, I don't know if:

  • I'm making a mistake with my parameters on ldap_search
  • The parameters aren't valid

I have to bind first, like this:

ldap_bind($ldapconn, $searchUser, $clave)

That returns true, so I know I can bind to AD, but I don't know how to check if I'm doing the ldap_search part correctly or if I have a problem with my permissions or something like that.

UPDATE: I got the error:

ldap_search(): Search: Operations error

1 answer

  • duanmei2805 2016-12-13 18:32

    The problem was in the filter: I had to use a field other than 'cn'; it was 'samaccountname'. I had to download ALL the info from the AD, then I could check which field to use. Plus, I had to use userPrincipalName in lowercase for it to work.

    $ldapconn = ldap_connect("10.0.0.230");
    // Use LDAPv3 and do not follow referrals; both must be set before binding
    ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0) or die('Unable to set LDAP opt referrals');
    ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3) or die('Unable to set LDAP protocol version');
    $searchPass = "XXX";
    $searchUser = "YYY";
    $ldap_success = false;
    if (ldap_bind($ldapconn, $searchUser, $searchPass)) {
        try {
            $post_send['password'] = $searchPass;
            $attributes = ['cn'];
            // The user-supplied name is escaped before it goes into the filter
            $filter = "(&(objectClass=user)(objectCategory=person)(samaccountname=".ldap_escape($post_send['username'], null, LDAP_ESCAPE_FILTER)."))";
            $baseDn = "DC=XXX,DC=XX,DC=cl";
            $results = ldap_search($ldapconn, $baseDn, $filter, $attributes);
            // ldap_search() returns false on failure; only read entries from a valid result
            $info = $results ? ldap_get_entries($ldapconn, $results) : false;
            if ($info && $info['count'] === 1) {
                $ldap_success = true;
            } else {
                $ldap_success = false;
            }
        } catch (\Exception $e) {
            $ldap_success = false;
        }
    }
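
One way to tell a failed search apart from "no such user", as an added example that is not part of the original question or answer. The helper names (`describe_ldap_failure`, `ad_connect`, `build_user_filter`, `ad_user_exists`) are hypothetical, the URI, bind DN and base DN are whatever the caller supplies, and the php-ldap extension is assumed; the loop at the end needs no server and prints the escaped filter for two constructed inputs.

```php
<?php
// Added example, not the poster's code. Requires the php-ldap extension.

/** Error code, error text and the server's diagnostic message for a failed step. */
function describe_ldap_failure($conn, string $step): string
{
    ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
    return sprintf('%s failed (%d): %s [%s]',
        $step, ldap_errno($conn), ldap_error($conn), (string) $detail);
}

/** Connect and bind; URI and credentials are supplied by the caller. */
function ad_connect(string $uri, string $bindDn, string $password)
{
    $conn = ldap_connect($uri);
    if ($conn === false) {
        throw new RuntimeException("Invalid LDAP URI: $uri");
    }
    // Same options the answer sets: LDAPv3, and do not chase referrals.
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    if (!@ldap_bind($conn, $bindDn, $password)) {
        throw new RuntimeException(describe_ldap_failure($conn, 'bind'));
    }
    return $conn;
}

/** The lookup filter from the answer, with the user-supplied value escaped. */
function build_user_filter(string $username): string
{
    return '(&(objectClass=user)(objectCategory=person)(sAMAccountName='
        . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . '))';
}

/** True only for exactly one match; a failed search throws instead of reading as "not found". */
function ad_user_exists($conn, string $baseDn, string $username): bool
{
    $result = @ldap_search($conn, $baseDn, build_user_filter($username), ['cn']);
    if ($result === false) {
        throw new RuntimeException(describe_ldap_failure($conn, 'search'));
    }
    return ldap_count_entries($conn, $result) === 1;
}

// Constructed inputs: a plain account name and one containing filter metacharacters.
foreach (['jdoe', 'j*)(doe'] as $name) {
    echo build_user_filter($name), PHP_EOL;
}
```

Call `ad_connect()` once, then `ad_user_exists($conn, $baseDn, $username)` inside a try/catch, so that a failure such as "Operations error" surfaces with its code and diagnostic text rather than as an empty result.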
    