php ldap search: no such object

Notice: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me). Original StackOverflow URL: http://stackoverflow.com/questions/15108969/

Time: 2020-08-25 08:35:47  Source: igfitidea

Tags: php, active-directory, ldap

Asked by KoSMoS

I'm new to LDAP so I will try to explain correctly
I have a hostname "energia.sise"

I need to get all users which are located in energia.sise/nej/users

could you advise me how to do that?

in this code, I tried to get my record based on my email but it errors
Warning: ldap_search(): Search: No such object

     $base_dn ="OU=users, OU=nej, DC=energia, DC=sise";
     $ds = ldap_connect("energia.sise") or die("Невозможно соединиться с $ldaphost");

     ldap_bind($ds, "login@energia", "password");

     $filter = '(&(objectClass=user)(CN=*)(mail=kosmos*))';

     $sr = ldap_search($ds, $base_dn, $filter);
     $info = ldap_get_entries($ds, $sr);

Answered by Robert Rossmann

Except the unnecessary filter component CN=*, as already noted by Terry Gardner, your filter seems to be correct. As such, I suspect that there are other possible problems you have with your code:

  1. The username format you are using is incorrect. Try binding with [email protected] or ENERGIA\login.
  2. The container "OU=users, OU=nej, DC=energia, DC=sise" does not exist. Try your search in the whole domain - "DC=energia, DC=sise" and see if you are getting any results.
  3. Use ldap v3 protocol in Active Directory whenever possible. This should be set before you bind:

    ldap_set_option( $ds, LDAP_OPT_PROTOCOL_VERSION, 3 );

  4. I recommend that you also turn off referrals handling for ldap v3 as it causes some strange behaviour for AD sometimes:

    ldap_set_option( $ds, LDAP_OPT_REFERRALS, 0 );

When performing a search operation like this, the "No such object" error usually refers to the fact that the base DN does not exist. If there were no users to match your filter, the server would return an empty resultset.

Hope that helps!
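
Added example (not part of the original answer): the four points above combined into one script that also tells a missing base DN (LDAP result code 32) apart from a search that simply matched nothing. The host, bind name and password are the thread's placeholders; `search_users` and `ERR_NO_SUCH_OBJECT` are names made up for this example.

```php
<?php
// Added example. Host, bind name and password are the thread's placeholders.
const ERR_NO_SUCH_OBJECT = 0x20; // LDAP result code 32 (noSuchObject)

function search_users($ds, string $baseDn, string $mailPrefix): array
{
    // Escape the caller-supplied part so it cannot alter the filter structure.
    $filter = '(&(objectClass=user)(mail='
        . ldap_escape($mailPrefix, '', LDAP_ESCAPE_FILTER) . '*))';

    $sr = @ldap_search($ds, $baseDn, $filter, ['cn', 'mail']);
    if ($sr === false) {
        $code = ldap_errno($ds);
        // Code 32: the base DN itself is missing, not "nothing matched".
        $why = $code === ERR_NO_SUCH_OBJECT
            ? "base DN does not exist: $baseDn"
            : ldap_error($ds);
        return ['ok' => false, 'error' => $why, 'entries' => []];
    }
    // A valid base with no matches yields count 0 rather than an error.
    return ['ok' => true, 'error' => null,
            'entries' => ldap_get_entries($ds, $sr)];
}

// ldap:// carries a simple bind in clear text; prefer ldaps:// if available.
$ds = ldap_connect('ldap://energia.sise');
if ($ds === false) { exit("invalid LDAP URI\n"); }
// Both options have to be set before the bind.
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

if (!@ldap_bind($ds, 'ENERGIA\\login', 'password')) {
    exit('bind failed: ' . ldap_error($ds) . "\n");
}

// Narrow container first, then the whole domain to discover the real DNs.
$bases = ['OU=users,OU=nej,DC=energia,DC=sise', 'DC=energia,DC=sise'];
foreach ($bases as $base) {
    $res = search_users($ds, $base, 'kosmos');
    if (!$res['ok']) {
        error_log($res['error']);
        continue;
    }
    for ($i = 0; $i < $res['entries']['count']; $i++) {
        echo $res['entries'][$i]['dn'], "\n"; // shows where users really live
    }
    break;
}
ldap_unbind($ds);
```

The DNs printed by the domain-wide search show which container the accounts actually sit in, which is the value to use as the base DN afterwards.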

Answered by Terry Gardner

The base object "OU=users, OU=nej, DC=energia, DC=sise" specified does not exist. The base object is the point at which the search begins - only entries at or below the base objects would be returned in the search result except in the case of a one-level search, in which case the base object is not returned.

Before writing code, use a known good tool like ldapsearch to determine if the desired request parameters are correct:

ldapsearch -h energia.sise -p port-number \
     -D login@energia -w password \
     -b ou=users,ou=nej,dc=energia,dc=sise -s sub \
     '(&)' 1.1

If the above displays the error indicating the base object does not exist, then locate the correct base object and try again.

As a side note, unrelated to the problem of the base object not existing, the filter component cn=* is not necessary, and will result in an increased search time because cn=* is a present filter, meaning entries that contain a cn attribute will match the search criteria. Unless I am mistaken, the cn attribute is required by the User objectClass, so using a & filter with both objectClass=User and cn=* does nothing but cause the server to spend more time on the search.

Answered by Shery

UPDATE: Using the LDAP Browser Free edition (Check it out here) was good because you can simply browse through the LDAP server, it helps you understand if you can bind anonymous etc. etc. But the biggest benefit was to get the DN (copy and paste). After that I was able to read the data.

I had the following issues and that's how I resolved:

  • Problem 1: Can't bind even though I could connect anonymously through the LDAP Browser Software

  • Solution: added the following lines before the bind as suggested above:

    ldap_set_option( $ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3 );
    ldap_set_option( $ldapconn, LDAP_OPT_REFERRALS, 0 );
    

    After this I was able to bind...

  • Problem 2: Can't Search...

  • Solution: Open the LDAP browser. Check connectivity to make sure you can connect to the LDAP server. Browse an example record. Right click and go to Properties and copy the DN and replace it in the code and that's it!

Original Post shown below:

I can't seem to search and I am using LDAP Browser 4.5 Free edition to make sure everything is working...

This is my Code:

function ldap_anon_connect($ein){

    $ldaphost = "ldap://link_to_ldap.com";

    //create a connection to ldap server
    $ldapconn = ldap_connect($ldaphost) or die("Couldn't connect to " .$ldaphost);
    if ($ldapconn) {

        // protocol version and referral handling are set before binding
        ldap_set_option( $ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3 );
        ldap_set_option( $ldapconn, LDAP_OPT_REFERRALS, 0 );

        // no DN or password given: anonymous bind
        $ldapbind = ldap_bind($ldapconn);
        if ($ldapbind) {

            // if binds, look some stuff up
            $info = ldap_annon_get_profile($ein, $ldapconn);
            return $info;
        }
        else{
            echo "Invalid EIN. Please Try again";
            die();
        }

    }

}

function ldap_annon_get_profile($ein, $ldapconn){

    // escape the caller-supplied value so filter metacharacters in it
    // cannot change the structure of the search filter
    $filter = "(cn=".ldap_escape($ein, "", LDAP_ESCAPE_FILTER).")";

    // attributes to return
    $justthese = array(
        "cn","sn","givenName","displayName","mail","EmployeeClass","ManagerEIN",
        "mobile","title","c","PersonalTitle"
    );

    $sr = ldap_search($ldapconn, "o=CO,ou=COplc,ou=people", $filter, $justthese);
    $info = ldap_get_entries($ldapconn, $sr);

    return $info;

}

I have double checked my DN="o=CO,ou=COplc,ou=people" this is the right string as I can lookup the stuff at LDAP Browser...

Any ideas?
