我希望能够允许Active directory中的单个ou对我公司的内部网站进行身份验证访问。请帮忙,因为我在这上面浪费了太多时间。这就是我到目前为止得到的:
$domain ='ab.cd.ef.gh.ij';
$host='xxx.xxx.xx.x';
$ds = ldap_connect($host); //has to be domain or hostname
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
if($ds)
{
$bind=ldap_bind($ds,$name, $pass);
if($bind)
{
$_SESSION['status'] = 'authorized';
header("location: index.php");
} else return "Please enter correct username and password.";
}
提前感谢
如果你想允许一个用户访问登录系统,这非常有效:
$domain ='ab.cd.ef.gh.ij';
$host='xxx.xxx.xx.x';
$connect = ldap_connect($host); //has to be domain or hostname
ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($connect, LDAP_OPT_REFERRALS, 0);
$dn = "OU=something,OU=something,OU=something,OU=something,DC=ab,DC=cd,DC=ef,DC=gh,DC=ij";
$search = "CN=$name";
if($connect)
{
$bind=ldap_bind($connect,$name, $pass);
if($bind)
{
$sr=ldap_search($connect, $dn, $search);
$data = ldap_get_entries($connect, $sr);
for ($i=0; $i<$data["count"]; $i++)
{
$user = $data[$i]["dn"] ;
}
if($user =="CN=$name,OU=something,OU=something,OU=something,OU=something,DC=ab,DC=cd,DC=ef,DC=gh,DC=ij")
{
$_SESSION['status'] = 'authorized';
header("location: index.php");
}else
{
header("location:lost.html");
}
} else return "Please enter correct username and password.";
}
唯一不利的一面是用户名和通用名必须相同才能工作。
快乐编码