doujiao8649 2019-03-07 09:48
浏览 212
已采纳

在AD LDAP中查找用户

Good time of the day, i've came across the problem of building the filter for LDAP.

Few notes before the actual question:

Фамилия = Family Name (will be presented as FamilyName)  
Имя = Name (will be presented as Name)  
Отчество = Patronymic (will be presented as Patronymic)

I have a user with the following information in the AD:

CN=Фамилия Имя Отчество
sn=FamilyName
givenname=Name

I want to provide the following functionality:

  1. User can either enter theName FamilyName in the field on the website, this will result in the array of 2 filters for Name FamilyName and FamilyName Name'
  2. User can enter Имя Фамилия and the search should switch from (&(sn=)(givenname=)) to (cn=)

Currently i have the following piece of code to accomplish the first option:

    /**
     * Generate search terms
     * @param string $query
     * @return LDAPSearcher
     */
    protected function generateSearchTerms(string $query) : self {
        $this->searchTerms = [];
        $explode = explode(' ', $query);
        $combinations = [];
        array_combinations($explode, $combinations);

        foreach($combinations as $index => $combination) {
            if (false !== strpos($combination, ' ')) {
                [$firstName, $lastName] = explode(' ', $combination);
                $this->searchTerms[] = [
                    'sn'        =>  $lastName,
                    'cn'        =>  $combination,
                    'givenname' =>  $firstName,
                    'filter'    =>  '(&(sn=' . $firstName . ')(givenname=' . $lastName . '))'
                ];
            }
        }

        return $this;
    }

And it works just fine when user using the Latin representation of his/her First and Last names, but when i want to switch to using CN, i have no idea on how to do it.
I've tried the following piece of code for the filter, however it shows that filter is incorrect:
((&(sn=' . $firstName . ')(givenname=' . $lastName . '))|(cn=' . $combination . '*))

Any help is really appreciated!

P.S. it DOES NOT matter which variables i assing to SN or GivenName, since the combinations will match the correct user anyways, i'm running at most 3 searches for each user to ensure that the correct one is found (just to eliminate possibility of answers with assigning correct values to variables)

P.P.S. Combinations are generated using the following piece of code

if (! function_exists('array_combinations')) {

    function array_combinations(array $source, array &$target, ?string $tempString = null) {
        if ($tempString !== null) {
            $target[] = $tempString;
        }
        $size = \count($source);
        for ($i = 0; $i < $size; $i++) {
            $copy = $source;
            $element = array_splice($copy, $i, 1);
            $tmp = null;
            if ($tempString !== null) {
                $tmp = $tempString . ' ' . $element[0];
            } else {
                $tmp = $element[0];
            }
            if (\count($copy) > 0) {
                array_combinations($copy, $target, $tmp);
            } else {
                $target[] = $tmp;
            }
        }

    }

}
  • 写回答

1条回答 默认 最新

  • dqm88684 2019-03-07 14:51
    关注

    Your query is indeed invalid.

    In LDAP query syntax, a "this OR that" condition is written as (|(this)(that)). But you have put the | between your conditions. It needs to be at the front. It should look something like this:

    (|(&(sn=' . $firstName . ')(givenname=' . $lastName . '))(cn=' . $combination . '*))
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 如何实验stm32主通道和互补通道独立输出
  • ¥30 这是哪个作者做的宝宝起名网站
  • ¥60 版本过低apk如何修改可以兼容新的安卓系统
  • ¥25 由IPR导致的DRIVER_POWER_STATE_FAILURE蓝屏
  • ¥50 有数据,怎么建立模型求影响全要素生产率的因素
  • ¥50 有数据,怎么用matlab求全要素生产率
  • ¥15 TI的insta-spin例程
  • ¥15 完成下列问题完成下列问题
  • ¥15 C#算法问题, 不知道怎么处理这个数据的转换
  • ¥15 YoloV5 第三方库的版本对照问题