dqo88037 2019-08-18 17:57

Reading user information from Active Directory with PHP

I have to read some general information about a user, like name, last name, email, department, etc., from an Active Directory with a PHP script.

This is my code:

    define('DOMAIN_FQDN', 'domain.ltd');
    define('LDAP_SERVER', '192.168.30.1');

    $user = strip_tags($_POST['username']) .'@'. DOMAIN_FQDN;
    $pass = stripslashes($_POST['password']);
    $conn = ldap_connect("ldap://". LDAP_SERVER ."/");

    if (!$conn){
        $err = 'Could not connect to LDAP server';
    }else{
        //define('LDAP_OPT_DIAGNOSTIC_MESSAGE', 0x0032);

        ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

        $bind = @ldap_bind($conn, $user, $pass);

        ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $extended_error);

        if ($bind){
            //$base_dn = array("CN=Users,DC=". join(',DC=', explode('.', DOMAIN_FQDN)), "OU=Users,OU=People,DC=". join(',DC=', explode('.', DOMAIN_FQDN)));
            $base_dn = array("DC=". join(',DC=', explode('.', DOMAIN_FQDN)), "OU=*,DC=". join(',DC=', explode('.', DOMAIN_FQDN)));
            $result = ldap_search(array($conn,$conn), $base_dn, "(cn=*)");
            if (!count($result)){
                $err = 'Unable to login: '. ldap_error($conn);
            }else{
                foreach ($result as $res){
                    $info = ldap_get_entries($conn, $res);
                    print_r($info);
                }
            }
        }
    }

This code, print_r($info);, returns an array with a lot of data, which means my connection is working well, but there isn't anything about the user.

I need to get the currently logged-in user's data.

Is this wrong, or must I put some more options on it?

The user data in Active Directory: (screenshot)


1 answer

  • dongqiuge5435 2019-08-19 19:00

    You have to decide which accounts you want to read. Using the filter (cn=*), you are telling AD to give you every object where the cn attribute has a value. That will match almost every AD object in your domain, including computers, which I don't think you want.

    If you want to find all users on the domain, you can use this:

    (objectClass=user)
    

    If you want to find one specific user, the query will depend on what identifier you have for that user. For example, if you know their username (let's say "PeimanF"), then the query would look like this:

    (&(objectClass=user)(sAMAccountName=PeimanF))
    
    Selected by the asker as the best answer.
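The single-user filter from the answer, applied to the question's bind flow, as an added example that is not the asker's or the answerer's code. The helper name `fetch_ad_user()` is hypothetical, and the example assumes the domain controller offers StartTLS with a certificate the PHP host trusts.

```php
<?php
// Added example, not the original poster's code. Server and domain values are
// the ones from the question; fetch_ad_user() is a hypothetical helper name.
define('DOMAIN_FQDN', 'domain.ltd');
define('LDAP_SERVER', '192.168.30.1');

function fetch_ad_user(string $username, string $password): ?array
{
    // A simple bind with an empty password is treated as an unauthenticated
    // bind and can report success, so reject empty credentials up front.
    if ($username === '' || $password === '') {
        return null;
    }

    $conn = ldap_connect('ldap://' . LDAP_SERVER . '/');
    if (!$conn) { return null; }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // Assumption: the DC offers StartTLS with a certificate this host trusts.
    // Without TLS the simple bind below sends the password in clear text.
    if (!@ldap_start_tls($conn)) {
        return null;
    }

    if (!@ldap_bind($conn, $username . '@' . DOMAIN_FQDN, $password)) {
        return null;
    }

    // Escape the user-supplied name so characters such as * ( ) \ cannot
    // alter the filter (LDAP injection).
    $filter = '(&(objectClass=user)(sAMAccountName='
            . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . '))';
    $base_dn = 'DC=' . implode(',DC=', explode('.', DOMAIN_FQDN));
    $attrs = ['givenName', 'sn', 'mail', 'department'];

    $result = ldap_search($conn, $base_dn, $filter, $attrs);
    $entries = $result ? ldap_get_entries($conn, $result) : ['count' => 0];
    ldap_unbind($conn);
    if ($entries['count'] !== 1) { return null; }

    // ldap_get_entries() lowercases attribute names.
    $user = [];
    foreach ($attrs as $a) {
        $user[$a] = $entries[0][strtolower($a)][0] ?? null;
    }
    return $user;
}
```

Requesting only the four attributes keeps the result to what the page needs instead of the full object that `print_r($info)` dumped in the question.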
