我正在尝试进行 ldap 授权,然后对组中的成员身份进行二次检查。系统是一台运行 php 5.3.10 的 Ubuntu 机器,针对 Server2008 R2 Active Directory 进行身份验证。我似乎无法让 ldap_search() 工作。我已经从 jExplore 中提取了 DN,所以我很确定 DN 是正确的。ldap_bind 与凭据一起工作(在另一个函数中),所以我确信服务器和用户名/密码是有效的。错误:
PHP Warning: ldap_search(): Search: Operations error in /var/www/zzz.php on line 28
编码:
$ldap = ldap_connect('ldap://xxx.xxx');
$admins = $auth['admin'];
// User not logged in, user level '0'
if (!isset($user))
{
return 0;
}
// DN
$group_dn = 'CN=IT Employees,OU=groups,OU=users,OU=xxx,DC=xxx,DC=xxx';
// Filter
$filter = '(sAMAccountName=' . $user . ')';
// Attributes
$attr = array("memberof","givenname");
echo $group_dn.' '.$filter.' '.$attr.'<br />';
// Check if the user is a member of the Admin Group
$SubGroups = ldap_search($ldap, $group_dn, $filter, $attr); //Search the admin group for user.
$debug = ldap_get_entries($ldap, $SubGroups);
echo $debug['count'];
if ($debug['count']>>0)
{
// Yep, you are set admin. (User level 2)
echo "Admin Set<br />";
return 2;
}
else
{
// Failure. Thou art a normal user. (User level 1)
echo "Admin Denied<br />";
return 1;
}
}