我有一个登录页面,它使用PHP/LDAP让我的用户访问公司网站。下面,我创建了一个语句,将用户的AD组成员身份存储在一个变量中,稍后根据用户在AD>中的成员身份进行重定向
现在,我还想添加从Active Directory获取用户全名的功能,并将其存储以备将来使用。如何修改下面的语句以将用户的全名从Active Directory存储到另一个变量中?有什么想法吗??
// verify user and password
if($bind = @ldap_bind($ldap, $user . $ldap_usr_dom, $password)) {
// valid
// check presence in groups
$filter = "(sAMAccountName=" . $user . ")";
$attr = array("memberof");
$result = ldap_search($ldap, $ldap_dn, $filter, $attr) or exit("Unable to search LDAP server");
$entries = ldap_get_entries($ldap, $result);
/* I would like to get and store the user's display name here somehow */
ldap_unbind($ldap);
// check groups
foreach($entries[0]['memberof'] as $grps) {
// is manager, break loop
if (strpos($grps, $ldap_manager_group)) { $access = 2; break; }
// is user
if (strpos($grps, $ldap_user_group)) $access = 1;
}
if ($access != 0) {
// establish session variables
$_SESSION['user'] = $user;
$_SESSION['access'] = $access;
return true;
} else {
// user has no rights
return false;
}
} else {
// invalid name or password
return false;
提前感谢您的帮助/建议!
编辑
这是我的完整PHP页面,里面有伪域的东西,但我遇到了语法错误,我可以解决这个问题:(和帮助或想法?谢谢Alex的初步帮助!
<?php
function authenticate($user, $password) {
// Active Directory server
$ldap_host = "my FQDC DC";
// Active Directory DN
$ldap_dn = "DC=something,DC=something";
// Active Directory user group
$ldap_user_group = "WebUsers";
// Active Directory manager group
$ldap_manager_group = "WebManagers";
// Domain, for purposes of constructing $user
$ldap_usr_dom = "@mycompany.com";
// connect to active directory
$ldap = ldap_connect($ldap_host);
// verify user and password
if($bind = @ldap_bind($ldap, $user . $ldap_usr_dom, $password)) {
// valid
// check presence in groups
$filter = "(sAMAccountName=" . $user . ")";
$attr = array("memberof","givenname");
$result = ldap_search($ldap, $ldap_dn, $filter, $attr) or exit("Unable to search LDAP server");
$entries = ldap_get_entries($ldap, $result);
$givenname = $entries[0]['givenname'];
ldap_unbind($ldap);
// check groups
foreach($entries[0]['memberof'] as $grps) {
// is manager, break loop
if (strpos($grps, $ldap_manager_group)) { $access = 2; break; }
// is user
if (strpos($grps, $ldap_user_group)) $access = 1;
}
if ($access != 0) {
// establish session variables
$_SESSION['user'] = $user;
$_SESSION['access'] = $access;
$_SESSION['givenname'] = $givenname;
return true;
} else {
// user has no rights
return false;
}
} else {
// invalid name or password
return false;
}
?>
试试这个:
// verify user and password
if($bind = @ldap_bind($ldap, $user . $ldap_usr_dom, $password)) {
// valid
// check presence in groups
$filter = "(sAMAccountName=" . $user . ")";
$attr = array("memberof","givenname");
$result = ldap_search($ldap, $ldap_dn, $filter, $attr) or exit("Unable to search LDAP server");
$entries = ldap_get_entries($ldap, $result);
$givenname = $entries[0]['givenname'][0];
ldap_unbind($ldap);
// check groups
foreach($entries[0]['memberof'] as $grps) {
// is manager, break loop
if (strpos($grps, $ldap_manager_group)) { $access = 2; break; }
// is user
if (strpos($grps, $ldap_user_group)) $access = 1;
}
if ($access != 0) {
// establish session variables
$_SESSION['user'] = $user;
$_SESSION['access'] = $access;
$_SESSION['givenname'] = $givenname;
return true;
} else {
// user has no rights
return false;
}
} else {
// invalid name or password
return false;
}
希望这能有所帮助。当您从ldap中读取时,您可以看到字段并将它们映射到某个会话变量。
$connect = @ldap_connect(LDAP_ADDRESS);
if (!$connect) return FALSE;
$bind = @ldap_bind($connect);
if (!$bind) return FALSE;
if ($resource = @ldap_search($connect,"dc=<yourdc>,dc=<yourdc>","uid=$user")) {
if (@ldap_count_entries($connect,$resource) == 1) {
if ($entry = @ldap_first_entry($connect,$resource)) {
if ($user_dn = @ldap_get_dn($connect,$entry)) {
if ($link = @ldap_bind($connect,$user_dn,$password)) {
$_SESSION['user'] = $user;
}
}
}
}
}
@ldap_close($connect);
碰撞一个旧线程。我需要获得给定的名称和姓氏,并将"sn"添加到属性中,并添加到会话变量中,以便稍后在另一个脚本中引用:
我如何访问其他脚本中的会话变量:
$givenname = $_SESSION['givenname'];
$surname = $_SESSION['sn'];
$name = "{$givenname} {$surname}";
更新到以前的身份验证脚本:
// verify user and password
if($bind = @ldap_bind($ldap, $user . $ldap_usr_dom, $password)) {
// valid
// check presence in groups
$filter = "(sAMAccountName=" . $user . ")";
$attr = array("memberof","givenname","sn");
$result = ldap_search($ldap, $ldap_dn, $filter, $attr) or exit("Unable to search LDAP server");
$entries = ldap_get_entries($ldap, $result);
$givenname = $entries[0]['givenname'][0];
$surname = $entries[0]['sn'][0];
ldap_unbind($ldap);
// check groups
foreach($entries[0]['memberof'] as $grps) {
// is manager, break loop
if (strpos($grps, $ldap_manager_group)) { $access = 2; break; }
// is user
if (strpos($grps, $ldap_user_group)) $access = 1;
}
if ($access != 0) {
// establish session variables
$_SESSION['user'] = $user;
$_SESSION['access'] = $access;
$_SESSION['givenname'] = $givenname;
$_SESSION['sn'] = $surname;
return true;
} else {
// user has no rights
return false;
}
} else {
// invalid name or password
return false;
}