如何使用 PHP 从 LDAP 目录中获取用户列表?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/13404337/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to get list of users from LDAP directory using PHP?
提问by Benny Hill
$ldaphost = "my_host_name";
$ds=ldap_connect($ldaphost) or die("Could not connect to $ldaphost");
ldap_set_option ($ds, LDAP_OPT_REFERRALS, 0);
ldap_set_option ($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
if ($ds)
{
$basedn = 'my_dc_string';
$samaccountname = 'my_user_name';
$filters = "(samaccountname={$samaccountname})";
$result = ldap_search($ds, $basedn, $filters);
}
How do I get the list of all users from LDAP using PHP? The above code fails on the ldap_search function giving this warning
如何使用 PHP 从 LDAP 获取所有用户的列表?上面的代码在 ldap_search 函数上失败,给出了这个警告
"Warning: ldap_search(): Search: Operations error"
“警告:ldap_search():搜索:操作错误”
my username, ldaphost etc are correct. I am not sure about the filters though.
我的用户名、ldaphost 等是正确的。虽然我不确定过滤器。
回答by Benny Hill
/**
* Get a list of users from Active Directory.
*/
$ldap_password = 'PASSWORD';
$ldap_username = 'USERNAME@DOMAIN';
$ldap_connection = ldap_connect(HOSTNAME);
if (FALSE === $ldap_connection){
// Uh-oh, something is wrong...
}
// We have to set this option for the version of Active Directory we are using.
ldap_set_option($ldap_connection, LDAP_OPT_PROTOCOL_VERSION, 3) or die('Unable to set LDAP protocol version');
ldap_set_option($ldap_connection, LDAP_OPT_REFERRALS, 0); // We need this for doing an LDAP search.
if (TRUE === ldap_bind($ldap_connection, $ldap_username, $ldap_password)){
$ldap_base_dn = 'DC=XXXX,DC=XXXX';
$search_filter = '(&(objectCategory=person)(samaccountname=*))';
$attributes = array();
$attributes[] = 'givenname';
$attributes[] = 'mail';
$attributes[] = 'samaccountname';
$attributes[] = 'sn';
$result = ldap_search($ldap_connection, $ldap_base_dn, $search_filter, $attributes);
if (FALSE !== $result){
$entries = ldap_get_entries($ldap_connection, $result);
for ($x=0; $x<$entries['count']; $x++){
if (!empty($entries[$x]['givenname'][0]) &&
!empty($entries[$x]['mail'][0]) &&
!empty($entries[$x]['samaccountname'][0]) &&
!empty($entries[$x]['sn'][0]) &&
'Shop' !== $entries[$x]['sn'][0] &&
'Account' !== $entries[$x]['sn'][0]){
$ad_users[strtoupper(trim($entries[$x]['samaccountname'][0]))] = array('email' => strtolower(trim($entries[$x]['mail'][0])),'first_name' => trim($entries[$x]['givenname'][0]),'last_name' => trim($entries[$x]['sn'][0]));
}
}
}
ldap_unbind($ldap_connection); // Clean up after ourselves.
}
$message .= "Retrieved ". count($ad_users) ." Active Directory users\n";
回答by pozs
From php.net:
从php.net:
ldap_connect() // establish connection to server
|
ldap_bind() // anonymous or authenticated "login"
|
do something like search or update the directory
and display the results
|
ldap_close() // "logout"
You should use ldap_bind()to login & after all operartion(s) ldap_close()to close the connection.
您应该使用ldap_bind()登录并在所有操作之后ldap_close()关闭连接。
