PHP LDAP Get User Attributes, Including Associated Groups

后端未结

关注

 1  565

心在旅途 2020-12-31 11:57

What is the best way to run a search on the current user to retrieve all attributes, including associated groups in Active Directory using LDAP / PHP?

For attributes

1条回答

挽巷 (楼主)

2020-12-31 12:55

Here's a script we have for dumping AD information, maybe it will help you:

Failed to connect to the LDAP server: ". LDAP_HOSTNAME ."");
}

ldap_set_option($ldap_connection, LDAP_OPT_PROTOCOL_VERSION, 3) or die('Unable to set LDAP protocol version');
ldap_set_option($ldap_connection, LDAP_OPT_REFERRALS, 0); // We need this for doing an LDAP search.

if (TRUE !== ldap_bind($ldap_connection, $ldap_username, $ldap_password)){
    die('Failed to bind to LDAP server.');
}

//------------------------------------------------------------------------------
// Get a list of all Active Directory users.
//------------------------------------------------------------------------------
$ldap_base_dn = 'DC=xyz,DC=local';
$search_filter = "(&(objectCategory=person))";
$result = ldap_search($ldap_connection, $ldap_base_dn, $search_filter);
if (FALSE !== $result){
    $entries = ldap_get_entries($ldap_connection, $result);
    if ($entries['count'] > 0){
        $odd = 0;
        foreach ($entries[0] AS $key => $value){
            if (0 === $odd%2){
                $ldap_columns[] = $key;
            }
            $odd++;
        }
        echo '';
        echo '';
        $header_count = 0;
        foreach ($ldap_columns AS $col_name){
            if (0 === $header_count++){
                echo '';
        }
        echo '';
        for ($i = 0; $i < $entries['count']; $i++){
            echo '';
            $td_count = 0;
            foreach ($ldap_columns AS $col_name){
                if (0 === $td_count++){
                    echo '';
                }
            }
            echo '';
        }
        echo '';
            }else if (count($ldap_columns) === $header_count){
                echo ' ';
            }else{
                echo ' ';
            }
            echo $col_name .'
';
                }else{
                    echo ' ';
                }
                if (isset($entries[$i][$col_name])){
                    $output = NULL;
                    if ('lastlogon' === $col_name || 'lastlogontimestamp' === $col_name){
                        $output = date('D M d, Y @ H:i:s', ($entries[$i][$col_name][0] / 10000000) - 11676009600); // See note below
                    }else{
                        $output = $entries[$i][$col_name][0];
                    }
                    echo $output .'';
    }
}
ldap_unbind($ldap_connection); // Clean up after ourselves.
?>

'; }else if (count($ldap_columns) === $header_count){ echo '	'; }else{ echo '	'; } echo $col_name .'
'; }else{ echo '	'; } if (isset($entries[$i][$col_name])){ $output = NULL; if ('lastlogon' === $col_name \|\| 'lastlogontimestamp' === $col_name){ $output = date('D M d, Y @ H:i:s', ($entries[$i][$col_name][0] / 10000000) - 11676009600); // See note below }else{ $output = $entries[$i][$col_name][0]; } echo $output .'

User inventor96 has suggested using 11644473600 instead of 11676009600. I can confirm 11644473600 is correct in a Linux environment - my guess is that inventor96 is in a Windows environment.

0 讨论(0)