目录
前言
代码展示
连接ldap
ldap过滤搜索
下面方法是我调用过滤-获取组织,组,和用户信息的方法
参考链接:
前言
公司需要对接 AD 域,采用的是 LDAP 协议(此处可以百度了解下,我也是第一次摸索)
代码展示
连接ldap
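/**
 * Open the shared LDAP connection and bind to the directory.
 *
 * The handle is stored in self::$connect so the search helpers can reuse it.
 *
 * NOTE(review): nothing in this method enables TLS. Unless $this->account is an
 * ldaps:// URI, the bind password crosses the network in clear text; consider
 * ldaps:// or ldap_start_tls() with certificate verification - confirm against
 * the deployment.
 *
 * @return bool true when the bind succeeded, false otherwise
 */
public function connect()
{
    self::$connect = ldap_connect($this->account, $this->port);
    if (!self::$connect) {
        // ldap_connect() yields false when the host/port cannot be parsed;
        // stop here instead of configuring and binding on a non-handle.
        return false;
    }

    // Speak LDAPv3 and do not chase referrals returned by the server.
    ldap_set_option(self::$connect, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option(self::$connect, LDAP_OPT_REFERRALS, 0);

    // The two literals are the article's placeholders ("username" / "password").
    // Real credentials belong in configuration or a secret store, not in source,
    // and the account should be a low-privilege, read-only service account.
    $bind = ldap_bind(self::$connect, '用户名', '密码');

    return (bool) $bind;
}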
ldap过滤搜索
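/**
 * Run an LDAP search on the shared connection and return the raw entries.
 *
 * $filter is sent to the server exactly as given. Any part of it that comes
 * from request data must be escaped by the caller with
 * ldap_escape($value, '', LDAP_ESCAPE_FILTER) before it is concatenated in.
 *
 * @param string $baseDn DN the search starts from
 * @param string $filter LDAP search filter
 * @return array the ldap_get_entries() structure ('count' plus numeric keys),
 *               or [] when the search fails or yields nothing usable
 */
public function ldapFilter($baseDn, $filter)
{
    $read = ldap_search(self::$connect, $baseDn, $filter);
    if ($read === false) {
        // Record the directory error in the server log. The earlier var_dump()
        // printed it into the response, which exposes directory details to
        // whoever is looking at the page.
        error_log('LDAP search failed: ' . ldap_error(self::$connect));
        return [];
    }

    // Raw result array; callers pick out the attributes they need.
    $data = ldap_get_entries(self::$connect, $read);
    if (!$data) {
        return [];
    }

    return $data;
}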
处理 Windows 单次查询最多返回 1000 条的限制,改用分页方式获取数据
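/**
 * Paged LDAP search: works around the 1000-entry cap on a single Windows query
 * by reading the result set in pages of 750 entries.
 *
 * $filter is sent to the server exactly as given. Any part of it that comes
 * from request data must be escaped by the caller with
 * ldap_escape($value, '', LDAP_ESCAPE_FILTER) before it is concatenated in.
 *
 * @param string $baseDn DN the search starts from
 * @param string $filter LDAP search filter
 * @return array entries from all pages under consecutive numeric keys, plus a
 *               'count' key holding the total; [] when any page fails, so a
 *               truncated listing is never mistaken for a complete one
 */
public function ldapFilter($baseDn, $filter)
{
    $data = [];
    $total = 0;
    $cookie = '';

    do {
        // The cookie returned with the previous page tells the server where to resume.
        $pageControl = [[
            'oid' => LDAP_CONTROL_PAGEDRESULTS,
            'value' => ['size' => 750, 'cookie' => $cookie],
        ]];
        $result = ldap_search(self::$connect, $baseDn, $filter, [], 0, 0, 0, LDAP_DEREF_NEVER, $pageControl);
        if ($result === false) {
            error_log('LDAP paged search failed: ' . ldap_error(self::$connect));
            return [];
        }

        $parsed = ldap_parse_result(self::$connect, $result, $errcode, $matcheddn, $errmsg, $referrals, $controls);
        if (!$parsed || $errcode !== 0) {
            error_log('LDAP paged search returned an error: ' . ldap_error(self::$connect));
            return [];
        }

        $entries = ldap_get_entries(self::$connect, $result);
        if ($entries === false) {
            error_log('LDAP paged search could not read entries: ' . ldap_error(self::$connect));
            return [];
        }

        // Each page carries its own 'count'. Add it up separately so the merged
        // array reports the total rather than the size of the last page.
        $total += $entries['count'];
        unset($entries['count']);
        $data = array_merge($data, $entries);

        // An empty or missing cookie means this was the last page.
        $cookie = $controls[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'] ?? '';
    } while ($cookie !== '');

    return ['count' => $total] + $data;
}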
下面方法是我调用过滤-获取组织,组,和用户信息的方法
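/**
 * Return the parent DN of $dn: everything after the first RDN separator.
 *
 * The separator is the first comma that is not backslash-escaped, so a value
 * such as "CN=Doe\, Jane,OU=Staff,DC=example,DC=com" (constructed sample) is
 * not cut in the middle of the name. A DN without a separator yields ''.
 * NOTE(review): assumes the server returns backslash-escaped DNs, not the
 * legacy quoted form - confirm against the directory in use.
 *
 * @param string $dn
 * @return string
 */
private function parentDnOf($dn)
{
    $length = strlen($dn);
    for ($pos = 0; $pos < $length; $pos++) {
        if ($dn[$pos] === '\\') {
            // Skip the character the backslash escapes.
            $pos++;
            continue;
        }
        if ($dn[$pos] === ',') {
            return substr($dn, $pos + 1);
        }
    }

    return '';
}

/**
 * List the organizational units found under $baseDn.
 *
 * @param string $baseDn
 * @return array list of ['name' => ..., 'dn' => ..., 'parentDn' => ...]
 */
public function getLdapUnit($baseDn)
{
    $res = $this->ldapFilter($baseDn, "objectClass=organizationalUnit");
    $ret = [];
    foreach ($res as $key => $value) {
        // Numeric keys are entries; the string key 'count' is bookkeeping.
        if (!is_numeric($key)) {
            continue;
        }
        $ret[] = [
            'name' => !empty($value['ou'][0]) ? $value['ou'][0] : '',
            'dn' => $value['dn'],
            'parentDn' => $this->parentDnOf($value['dn']),
        ];
    }

    return $ret;
}

/**
 * List the groups found under $baseDn.
 *
 * @param string $baseDn
 * @return array list of ['name' => ..., 'id' => ..., 'dn' => ..., 'parentDn' => ...]
 */
public function getLdapGroup($baseDn)
{
    $res = $this->ldapFilter($baseDn, "objectClass=group");
    $ret = [];
    foreach ($res as $key => $value) {
        if (!is_numeric($key)) {
            continue;
        }
        $ret[] = [
            'name' => !empty($value['cn'][0]) ? $value['cn'][0] : '',
            'id' => !empty($value['gidnumber'][0]) ? $value['gidnumber'][0] : '',
            'dn' => $value['dn'],
            'parentDn' => $this->parentDnOf($value['dn']),
        ];
    }

    return $ret;
}

/**
 * List the user accounts found under $baseDn; computer objects are filtered out.
 *
 * The result includes mobile numbers and account names, so treat it as
 * personal data when it is stored, logged or returned to a client.
 *
 * @param string $baseDn
 * @return array list of ['name' => ..., 'mobile' => ..., 'id' => ..., 'dn' => ..., 'parentDn' => ...]
 */
public function getLdapUser($baseDn)
{
    $res = $this->ldapFilter($baseDn, "(&(objectClass=organizationalPerson)(objectClass=user)(!(objectClass=computer)))");
    $ret = [];
    foreach ($res as $key => $value) {
        if (!is_numeric($key)) {
            continue;
        }
        $ret[] = [
            'name' => !empty($value['displayname'][0]) ? $value['displayname'][0] : '',
            'mobile' => !empty($value['mobile'][0]) ? $value['mobile'][0] : '',
            'id' => !empty($value['samaccountname'][0]) ? $value['samaccountname'][0] : '',
            'dn' => $value['dn'],
            'parentDn' => $this->parentDnOf($value['dn']),
        ];
    }

    return $ret;
}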
登录验证
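/**
 * Login check: verify a user's directory password.
 *
 * Binds with the configured service account, looks the account up by
 * sAMAccountName to obtain its DN, then binds again as that DN with the
 * supplied password.
 *
 * NOTE(review): nothing in this method enables TLS. Unless $this->ip is an
 * ldaps:// URI, both the service password and the user's password cross the
 * network in clear text; consider ldaps:// or ldap_start_tls() with
 * certificate verification - confirm against the deployment.
 *
 * @param string $user     account name typed by the user (untrusted)
 * @param string $password password typed by the user (untrusted)
 * @return bool true only when the bind as the user's own DN succeeded
 */
public function adCheck($user, $password)
{
    $user = (string) $user;
    $password = (string) $password;

    // A bind with a DN and an empty password is an "unauthenticated bind":
    // many directory servers answer it with success without checking anything.
    // It must never count as a login, so refuse it before talking to the server.
    if ($user === '' || $password === '') {
        return false;
    }

    $this->getConfig();
    $conn = ldap_connect($this->ip, $this->port);
    if (!$conn) {
        return false;
    }

    try {
        // Speak LDAPv3 and do not chase referrals returned by the server.
        ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

        // Service-account bind, needed to be allowed to search for the user.
        if (!ldap_bind($conn, $this->user, $this->password)) {
            return false;
        }

        // Escape the user-supplied name so filter metacharacters such as
        // * ( ) \ cannot change which entries the search matches.
        $filter = '(sAMAccountName=' . ldap_escape($user, '', LDAP_ESCAPE_FILTER) . ')';
        $result = ldap_search($conn, $this->baseDn, $filter);
        if ($result === false) {
            // Log on the server instead of die(): the response must not expose
            // directory errors, and the connection still gets closed below.
            error_log('LDAP search failed: ' . ldap_error($conn));
            return false;
        }

        // Exactly one account may match; none or several is a failed login.
        if (ldap_count_entries($conn, $result) !== 1) {
            return false;
        }

        $entry = ldap_first_entry($conn, $result);
        if ($entry === false) {
            return false;
        }

        // The user's DN is what the password is actually checked against.
        $user_dn = ldap_get_dn($conn, $entry);
        if (empty($user_dn)) {
            return false;
        }

        // The password is correct only if the directory accepts this bind.
        return (bool) ldap_bind($conn, $user_dn, $password);
    } finally {
        // Release the connection on every path, not only after a successful lookup.
        ldap_close($conn);
    }
}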
参考链接:
PHP: ldap_search - Manual
LDAP Search Filters (查询语法) |
Mozilla LDAP SDK Programmer's Guide/Searching the Directory With LDAP C SDK - MozillaWiki
AD域UserAccountControl属性、AD域重要用户属性_ad域用户属性_disabled_fk_csdN的博客-CSDN博客
搜索筛选器语法 - Win32 apps | Microsoft Docs
LDAP中过滤条件的基本语法 - 百度文库
测试环境搭建参考:
LDAP使用docker安装部署与使用_啧啧zzz的博客-CSDN博客_docker 安装ldap