Original question: http://stackoverflow.com/questions/5026546/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverflow
Get all possible attributes and all objectClasses from openLDAP in PHP
Asked by Ajax
I have to write an LDAP editor in PHP. LDAP is used to store network devices (switch, AP, ...). So, it is not normal functionality and I found a lot of problems. The biggest problem is:
Is it possible to read all objectClasses from the database and all attributes for a given objectClass?
Thanks for all replies!! Ajax
Answer by kalyan
Why not?
There will be a subschema entry per server which comprises all the objectclasses and attributetypes. (including AD)
But the subschema entry DN may be different in each implementation; this can be looked up from the rootDSE attribute "subschemasubentry".
-AD example-
```
ldapsearch -s base -b "" -D cn=Administrator,cn=users,dc=domain,dc=com -w 'password' -x -h 192.168.3.10 objectClass=* subschemasubentry
```
**OUTPUT:**
```
dn:
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=domain,DC=com
```
-OpenLdap example-
```
ldapsearch -s base -b "" -D cn=Administrator,dc=capua,dc=com -w password -x -h 192.168.3.11 subschemaSubentry
```
**OUTPUT:**
```
#
dn:
objectClass: top
objectClass: OpenLDAProotDSE
subschemaSubentry: cn=Subschema
```
Also, note the search scope. It should be BASE_LEVEL, otherwise it won't return any result.
After this, search the subschema for objectclasses and attributetypes.
```
ldapsearch -s base -b "cn=subschema" -D cn=Administrator,dc=capua,dc=com -w password -x -h 192.168.3.11 objectclass=subschema objectclasses attributetypes
```
This will return all the objectclasses and attributetypes as strings. You don't have an option of querying the list of attributes of a given objectclass. You can ONLY get the LDIF output of all stored objectclasses and attributes. Probably you can write a parser or create some LDIF object if that works. But if it's AD you might have little flexibility by directly querying cn=Schema,cn=configuration.
Have a look at the PHP code. Assuming $ld is connected. Some directory servers allow anonymous read on the subschema, in which case you don't need to bind.
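```php
// Get the subschema DN from the rootDSE (ldap_read() is a base-scope search)
$search = ldap_read($ld, "", "objectclass=*", array('*', 'subschemasubentry'));
if ($search === false) {
    die("rootDSE read failed: " . htmlspecialchars(ldap_error($ld)));
}
$entries = ldap_get_entries($ld, $search);
$schemadn = $entries[0]["subschemasubentry"][0];
// Escape everything that comes from the directory before writing it into HTML
print "Searching " . htmlspecialchars($schemadn) . "<br/>";

// Read all objectclasses and attributetypes from the subschema entry
$schsearch = ldap_read($ld, $schemadn, "objectClass=subSchema", array('objectclasses', 'attributetypes'));
if ($schsearch === false) {
    die("Subschema read failed: " . htmlspecialchars(ldap_error($ld)));
}
$schentries = ldap_get_entries($ld, $schsearch);

$count = $schentries[0]["attributetypes"]["count"];
print "Printing all attribute types <br/>";
for ($i = 0; $i < $count; $i++) {
    print htmlspecialchars($schentries[0]["attributetypes"][$i]) . "<br/>";
}

$count = $schentries[0]["objectclasses"]["count"];
print "Printing all objectclasses <br/>";
for ($i = 0; $i < $count; $i++) {
    print htmlspecialchars($schentries[0]["objectclasses"][$i]) . "<br/>";
}
```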
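The answer above notes that the server only returns each objectClass as a definition string and suggests writing a parser. As an added example (not part of the original answer or of any library), the following PHP parses those RFC 4512 strings and resolves the MUST and MAY attributes of one objectClass, including those inherited through SUP. The function names `oidList`, `buildSchemaIndex` and `allowedAttributes` are hypothetical, and the sample definitions are constructed.

```php
<?php // Added example, not code from the original answer; sample data is constructed.
/** Return the names following keyword $kw: NAME 'x', SUP top, MUST ( a $ b ), ... */
function oidList(string $def, string $kw): array
{
    if (!preg_match('/\b' . $kw . '\s+(?:\(([^)]*)\)|([^\s()]+))/', $def, $m)) {
        return [];
    }
    return preg_split('/[\s$\']+/', $m[1] . ($m[2] ?? ''), -1, PREG_SPLIT_NO_EMPTY);
}

/** Index objectClass definitions by lower-cased name (LDAP names ignore case). */
function buildSchemaIndex(array $defs): array
{
    $index = [];
    // array_filter skips the integer "count" element that ldap_get_entries() adds.
    foreach (array_filter($defs, 'is_string') as $def) {
        // Drop quoted DESC / X-* values so keywords inside them are not matched.
        $def = preg_replace("/\\b(?:DESC|X-[\\w-]+)\\s+(?:'[^']*'|\\([^)]*\\))/", ' ', $def);
        $class = ['sup' => oidList($def, 'SUP'), 'must' => oidList($def, 'MUST'), 'may' => oidList($def, 'MAY')];
        foreach (oidList($def, 'NAME') as $name) {
            $index[strtolower($name)] = $class;
        }
    }
    return $index;
}

/** Collect MUST and MAY attributes of $class plus those of all its superiors. */
function allowedAttributes(array $index, string $class, array &$seen = []): array
{
    $key = strtolower($class);
    if (isset($seen[$key]) || !isset($index[$key])) {
        return ['must' => [], 'may' => []];
    }
    $seen[$key] = true; // stops recursion if a malformed schema has a SUP loop
    $out = ['must' => $index[$key]['must'], 'may' => $index[$key]['may']];
    foreach ($index[$key]['sup'] as $sup) {
        $parent = allowedAttributes($index, $sup, $seen);
        $out['must'] = array_values(array_unique(array_merge($out['must'], $parent['must'])));
        $out['may'] = array_values(array_unique(array_merge($out['may'], $parent['may'])));
    }
    return $out;
}

// Constructed sample in RFC 4512 syntax, shaped like $schentries[0]["objectclasses"].
$sample = [
    "( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )",
    "( 2.5.6.14 NAME 'device' DESC 'MUST not be parsed' SUP top STRUCTURAL MUST cn MAY ( serialNumber $ owner $ description ) )",
    'count' => 2,
];
print_r(allowedAttributes(buildSchemaIndex($sample), 'device'));
```

An editor can use the resolved list as an allow-list, rejecting attribute names the chosen objectClass does not permit before calling `ldap_add()` or `ldap_modify()`.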
Answer by Stefan Gehrig
Perhaps you should have a look at Zend_Ldap, the LDAP component in the Zend Framework. It allows schema introspection for OpenLDAP servers and those compatible with OpenLDAP. The code may provide you with some hints on how to do this.
Please note that this procedure is not possible with an Active Directory server as they store the schema information in a form that cannot be retrieved by ext/php due to the lack of paging support.