当前位置:theitroad>使用 PHP 从 Active Directory 获取用户的全名

使用 PHP 从 Active Directory 获取用户的全名

声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow 原文地址: http://stackoverflow.com/questions/9471771/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

提示:将鼠标放在中文语句上可以显示对应的英文。显示中英文
时间:2020-08-26 06:53:51  来源:igfitidea点击:

Getting the user's Full Name from Active Directory using PHP

phpactive-directory

提问by user1236435

I have a login page that uses PHP/LDAP for my users to access a company website. Below, I created a statement that stores the user's AD group membership in a variable, to be used later to redirect depending what membership the user has in AD>

我有一个登录页面,它使用 PHP/LDAP 供我的用户访问公司网站。下面,我创建了一个语句,将用户的 AD 组成员身份存储在一个变量中,稍后用于根据用户在 AD 中拥有的成员身份进行重定向>

Now, I would now like to also add the ability to get the user's full name from Active Directory, and store this for later use. How can I modify my statement below to store the user's full name from Active Directory into another variable? Any ideas??

现在,我现在还想添加从 Active Directory 获取用户全名的功能,并将其存储以备后用。如何修改下面的语句以将用户的全名从 Active Directory 存储到另一个变量中?有任何想法吗??

// verify user and password
if($bind = @ldap_bind($ldap, $user . $ldap_usr_dom, $password)) {
    // valid
    // check presence in groups
    $filter = "(sAMAccountName=" . $user . ")";
    $attr = array("memberof");
    $result = ldap_search($ldap, $ldap_dn, $filter, $attr) or exit("Unable to search LDAP server");
    $entries = ldap_get_entries($ldap, $result);
  /* I would like to get and store the user's display name here somehow */
    ldap_unbind($ldap);

    // check groups
    foreach($entries[0]['memberof'] as $grps) {
        // is manager, break loop
        if (strpos($grps, $ldap_manager_group)) { $access = 2; break; }

        // is user
        if (strpos($grps, $ldap_user_group)) $access = 1;
    }

    if ($access != 0) {
        // establish session variables
        $_SESSION['user'] = $user;
        $_SESSION['access'] = $access;
        return true;
    } else {
        // user has no rights
        return false;
    }

} else {
    // invalid name or password
    return false;

Thanks in advance for any help/suggestions!

提前感谢您的任何帮助/建议!

EDIT

编辑

Here is now my full PHP page with dummy domain stuff, but I'm getting a syntax error and I can the problem :( and help or idea? Thanks Alex for the initial help !

这是我的完整 PHP 页面,其中包含虚拟域内容,但我遇到了语法错误,我可以解决问题:( 和帮助或想法?感谢亚历克斯的最初帮助!

    <?php
function authenticate($user, $password) {
    // Active Directory server
    $ldap_host = "my FQDC DC";

    // Active Directory DN
    $ldap_dn = "DC=something,DC=something";

    // Active Directory user group
    $ldap_user_group = "WebUsers";

    // Active Directory manager group
    $ldap_manager_group = "WebManagers";

    // Domain, for purposes of constructing $user
    $ldap_usr_dom = "@mycompany.com";

// connect to active directory
$ldap = ldap_connect($ldap_host);
// verify user and password
if($bind = @ldap_bind($ldap, $user . $ldap_usr_dom, $password)) {
// valid
// check presence in groups
    $filter = "(sAMAccountName=" . $user . ")";
    $attr = array("memberof","givenname");
    $result = ldap_search($ldap, $ldap_dn, $filter, $attr) or exit("Unable to search LDAP server");
    $entries = ldap_get_entries($ldap, $result);
    $givenname = $entries[0]['givenname'];
    ldap_unbind($ldap);

    // check groups
    foreach($entries[0]['memberof'] as $grps) {
        // is manager, break loop
        if (strpos($grps, $ldap_manager_group)) { $access = 2; break; }

        // is user
        if (strpos($grps, $ldap_user_group)) $access = 1;
    }

    if ($access != 0) {
        // establish session variables
        $_SESSION['user'] = $user;
        $_SESSION['access'] = $access;
        $_SESSION['givenname'] = $givenname;
        return true;
    } else {
        // user has no rights
        return false;
    }

} else {
    // invalid name or password
    return false;
}

?>

回答by John V.

Try this:

尝试这个:

// verify user and password
if($bind = @ldap_bind($ldap, $user . $ldap_usr_dom, $password)) {
    // valid
    // check presence in groups
    $filter = "(sAMAccountName=" . $user . ")";
    $attr = array("memberof","givenname");
    $result = ldap_search($ldap, $ldap_dn, $filter, $attr) or exit("Unable to search LDAP server");
    $entries = ldap_get_entries($ldap, $result);
    $givenname = $entries[0]['givenname'][0];
    ldap_unbind($ldap);

    // check groups
    foreach($entries[0]['memberof'] as $grps) {
        // is manager, break loop
        if (strpos($grps, $ldap_manager_group)) { $access = 2; break; }

        // is user
        if (strpos($grps, $ldap_user_group)) $access = 1;
    }

    if ($access != 0) {
        // establish session variables
        $_SESSION['user'] = $user;
        $_SESSION['access'] = $access;
        $_SESSION['givenname'] = $givenname;
        return true;
    } else {
        // user has no rights
        return false;
    }

} else {
    // invalid name or password
    return false;
}

回答by PoX

Hope this helps. When you read from ldap you can see fields and map them to some session variable.

希望这可以帮助。当您从 ldap 读取时,您可以看到字段并将它们映射到某个会话变量。 

$connect = @ldap_connect(LDAP_ADDRESS);
    if (!$connect) return FALSE;

    $bind = @ldap_bind($connect);
    if (!$bind) return FALSE;

    if ($resource = @ldap_search($connect,"dc=<yourdc>,dc=<yourdc>","uid=$user")) {

        if (@ldap_count_entries($connect,$resource) == 1) {

            if ($entry = @ldap_first_entry($connect,$resource)) {

                if ($user_dn = @ldap_get_dn($connect,$entry)) {

                    if ($link = @ldap_bind($connect,$user_dn,$password)) {

                        $_SESSION['user'] = $user;

                    }
                }
            }
        }
    }

    @ldap_close($connect);

回答by solar411

Bumping an old thread. I needed to get given name and surname and added 'sn' to the attributes and added to the session variables for later reference in another script like this:

撞一个旧线程。我需要获得给定的名字和姓氏,并将“sn”添加到属性并添加到会话变量中,以便以后在另一个脚本中引用,如下所示:

How I access the session variables in other scripts:

我如何访问其他脚本中的会话变量:

$givenname = $_SESSION['givenname'];
$surname = $_SESSION['sn'];
$name = "{$givenname} {$surname}";

Update to previous authenticate script:

更新到以前的身份验证脚本:

// verify user and password
if($bind = @ldap_bind($ldap, $user . $ldap_usr_dom, $password)) {
    // valid
    // check presence in groups
    $filter = "(sAMAccountName=" . $user . ")";
    $attr = array("memberof","givenname","sn");
    $result = ldap_search($ldap, $ldap_dn, $filter, $attr) or exit("Unable to search LDAP server");
    $entries = ldap_get_entries($ldap, $result);
    $givenname = $entries[0]['givenname'][0];
    $surname = $entries[0]['sn'][0];
    ldap_unbind($ldap);

    // check groups
    foreach($entries[0]['memberof'] as $grps) {
        // is manager, break loop
        if (strpos($grps, $ldap_manager_group)) { $access = 2; break; }

        // is user
        if (strpos($grps, $ldap_user_group)) $access = 1;
    }

    if ($access != 0) {
        // establish session variables
        $_SESSION['user'] = $user;
        $_SESSION['access'] = $access;
        $_SESSION['givenname'] = $givenname;
        $_SESSION['sn'] = $surname;
        return true;
    } else {
        // user has no rights
        return false;
    }

} else {
    // invalid name or password
    return false;
}

相关推荐

在使用 AJAX 调用的 PHP 文件中检索序列化数据

在使用 AJAX 调用的 PHP 文件中检索序列化数据

php TCPDF 页边距问题

php TCPDF 页边距问题

php 从 Twig 设置数组元素

php 从 Twig 设置数组元素

php 如何chmod文件夹以使其可在php中为服务器写入

php 如何chmod文件夹以使其可在php中为服务器写入

相关推荐
最近更新
标签