dqo88037 2019-08-18 17:57
浏览 201
已采纳

PHP从活动目录中读取用户信息

I have to read some general information of user

like name, last name , email, department and etc. from an active directory with a PHP script

This is my code:

define('DOMAIN_FQDN', 'domain.ltd');
define('LDAP_SERVER', '192.168.30.1');

    $user = strip_tags($_POST['username']) .'@'. DOMAIN_FQDN;
    $pass = stripslashes($_POST['password']);
    $conn = ldap_connect("ldap://". LDAP_SERVER ."/");

    if (!$conn){
        $err = 'Could not connect to LDAP server';
    }else{
        //define('LDAP_OPT_DIAGNOSTIC_MESSAGE', 0x0032);

        ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

        $bind = @ldap_bind($conn, $user, $pass);

        ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $extended_error);

        if ($bind){
            //$base_dn = array("CN=Users,DC=". join(',DC=', explode('.', DOMAIN_FQDN)), "OU=Users,OU=People,DC=". join(',DC=', explode('.', DOMAIN_FQDN)));
            $base_dn = array("DC=". join(',DC=', explode('.', DOMAIN_FQDN)), "OU=*,DC=". join(',DC=', explode('.', DOMAIN_FQDN)));
            $result = ldap_search(array($conn,$conn), $base_dn, "(cn=*)");
            if (!count($result)){
                $err = 'Unable to login: '. ldap_error($conn);
            }else{
                foreach ($result as $res){
                    $info = ldap_get_entries($conn, $res);
                    print_r($info);
                }
            }
        }
    }

This code print_r($info); returns a array with a lot of data which means my connection is working good..

but there isn't any thing about user

i need to get current logged in user data

Is this wrong or I must put some more options on it?

the user data in active directory:

enter image description here

  • 写回答

1条回答 默认 最新

  • dongqiuge5435 2019-08-19 19:00
    关注

    You have to decide which accounts you want to read. Using the filter (cn=*), you are telling AD to give you every object where the cn attribute has a value. That will match to almost every AD object in your domain, including computers, which I don't think you want.

    If you want to find all users on the domain, you can use this:

    (objectClass=user)
    

    If you want to find one specific user, the query will depend on what identifier you have for that user. For example, if you know their username (let's say "PeimanF"), then the query would look like this:

    (&(objectClass=user)(sAMAccountName=PeimanF))
    
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?