dqo88037
2019-08-18 17:57 阅读 166
已采纳

PHP从活动目录中读取用户信息

I have to read some general information of user

like name, last name , email, department and etc. from an active directory with a PHP script

This is my code:

define('DOMAIN_FQDN', 'domain.ltd');
define('LDAP_SERVER', '192.168.30.1');

    $user = strip_tags($_POST['username']) .'@'. DOMAIN_FQDN;
    $pass = stripslashes($_POST['password']);
    $conn = ldap_connect("ldap://". LDAP_SERVER ."/");

    if (!$conn){
        $err = 'Could not connect to LDAP server';
    }else{
        //define('LDAP_OPT_DIAGNOSTIC_MESSAGE', 0x0032);

        ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

        $bind = @ldap_bind($conn, $user, $pass);

        ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $extended_error);

        if ($bind){
            //$base_dn = array("CN=Users,DC=". join(',DC=', explode('.', DOMAIN_FQDN)), "OU=Users,OU=People,DC=". join(',DC=', explode('.', DOMAIN_FQDN)));
            $base_dn = array("DC=". join(',DC=', explode('.', DOMAIN_FQDN)), "OU=*,DC=". join(',DC=', explode('.', DOMAIN_FQDN)));
            $result = ldap_search(array($conn,$conn), $base_dn, "(cn=*)");
            if (!count($result)){
                $err = 'Unable to login: '. ldap_error($conn);
            }else{
                foreach ($result as $res){
                    $info = ldap_get_entries($conn, $res);
                    print_r($info);
                }
            }
        }
    }

This code print_r($info); returns a array with a lot of data which means my connection is working good..

but there isn't any thing about user

i need to get current logged in user data

Is this wrong or I must put some more options on it?

the user data in active directory:

enter image description here

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享

1条回答 默认 最新

  • 已采纳
    dongqiuge5435 dongqiuge5435 2019-08-19 19:00

    You have to decide which accounts you want to read. Using the filter (cn=*), you are telling AD to give you every object where the cn attribute has a value. That will match to almost every AD object in your domain, including computers, which I don't think you want.

    If you want to find all users on the domain, you can use this:

    (objectClass=user)
    

    If you want to find one specific user, the query will depend on what identifier you have for that user. For example, if you know their username (let's say "PeimanF"), then the query would look like this:

    (&(objectClass=user)(sAMAccountName=PeimanF))
    
    点赞 评论 复制链接分享

相关推荐