0

如何使用带有 PHP 或任何语言的 ObjectSID 的 LDAP 查询对象?我发现了大量没有真正意义的“解决方案”,除了它是二进制的之外,没有一个真正解释所使用的 ObjectSID 的来源。

例如,我进行了初始搜索并检索了 ObjectSID 以供将来使用。问题是返回的 ObjectSID 似乎是二进制的。如何使用 PHP 的 ldap_search 将该二进制文件发送回 LDAP?

我读过我应该将值转换为十六进制,所以我做了一个bin2hex($ObjectSID),但是我通过 LDAP 浏览器看到的S-1-5-21-1851920287-2048563450-226493979-1120值:与我的结果值不匹配:0105000000000005150000009f0f626efa981a7a1b06800d60040000

有人有明确的答案吗?

4

1 回答 1

0

好的,找到以下答案:

// Returns the textual SID
public function bin_to_str_sid($binsid) 
{
    $hex_sid = bin2hex($binsid);
    $rev = hexdec(substr($hex_sid, 0, 2));
    $subcount = hexdec(substr($hex_sid, 2, 2));
    $auth = hexdec(substr($hex_sid, 4, 12));
    $result    = "$rev-$auth";

    for ($x=0;$x < $subcount; $x++) {
        $subauth[$x] = 
            hexdec($this->little_endian(substr($hex_sid, 16 + ($x * 8), 8)));
        $result .= "-" . $subauth[$x];
    }

    // Cheat by tacking on the S-
    return 'S-' . $result;
}

// Converts a little-endian hex-number to one, that 'hexdec' can convert
public function little_endian($hex) 
{
    $result = "";

    for ($x = strlen($hex) - 2; $x >= 0; $x = $x - 2) 
    {
        $result .= substr($hex, $x, 2);
    }
    return $result;
}


// This function will convert a binary value guid into a valid string.
public function bin_to_str_guid($object_guid) 
{
    $hex_guid = bin2hex($object_guid);
    $hex_guid_to_guid_str = '';
    for($k = 1; $k <= 4; ++$k) {
        $hex_guid_to_guid_str .= substr($hex_guid, 8 - 2 * $k, 2);
    }
    $hex_guid_to_guid_str .= '-';
    for($k = 1; $k <= 2; ++$k) {
        $hex_guid_to_guid_str .= substr($hex_guid, 12 - 2 * $k, 2);
    }
    $hex_guid_to_guid_str .= '-';
    for($k = 1; $k <= 2; ++$k) {
        $hex_guid_to_guid_str .= substr($hex_guid, 16 - 2 * $k, 2);
    }
    $hex_guid_to_guid_str .= '-' . substr($hex_guid, 16, 4);
    $hex_guid_to_guid_str .= '-' . substr($hex_guid, 20);

    return strtoupper($hex_guid_to_guid_str);
}
于 2012-10-30T16:08:05.283 回答