php - php ldap 获取节点中的所有（递归）活动目录用户

Question

我在这里有一个活动目录，它看起来如何：

现在我向 ldap 函数发布了一个组名，并希望获得该组下的所有用户..

我运行这个：

ldap_search($ldap_con, "DC=Company,DC=Intra", "(&(&(objectClass=user)(objectCategory=Person))(CN=*))");

它检索域中的所有用户，我只想在我尝试过的特定组中创建它（如图所示的“OU =公司名称”下的用户）这些但它们都不起作用..

ldap_search($ldap_con, "DC=Company,DC=Intra", "(&(&(objectClass=user)(objectCategory=Person))(CN=*,OU=Company))");
ldap_search($ldap_con, "DC=Company,DC=Intra", "(&(&(objectClass=user)(objectCategory=Person))(memberOf=OU=Company Name))");
ldap_search($ldap_con, "DC=Company,DC=Intra", "(&(&(objectClass=user)(objectCategory=Person))(memberOf=Kullanicilar,OU=Company Name))");

即使这样也行不通：

ldap_search($ldap_con, "DC=Company,DC=Intra", "(&(&(objectClass=user)(objectCategory=Person))(OU=*))");

我必须在搜索参数中使用 CN 吗？如何在同一查询中检索 CN 和 OU 中的用户？

score 1 · Accepted Answer

我找到了实现目标的方法。ldap_search函数需要3个参数：（“ldap连接实例”，“基本节点路径，它的distinguishedname属性的值..”，“and objects query with param its static, objectClass=userand objectCategory=Personis required to get a ad object as user object so..” )

这是我的函数（这个 exp. 检索您在上面的问题帖子中看到的节点中的用户）：

public function saveAllUsersInGroup($ldap_con, $groupname){
    $base_dn = $this->getmainAttribute();
    //exp: $groupname = "OU=Kullanicilar,OU=CompanyName,DC=Company,DC=Intra"
    $results1 = ldap_search($ldap_con, $groupname, 
         "(&(&(objectClass=user)(objectCategory=Person))(CN=*))",array("distinguishedname"));
    $userList = ldap_get_entries($ldap_con, $results1);
    unset($userList["count"]);
    $result = array();
    foreach($userList as $user)
        $result[] = $user["dn"];
    return implode("&",$result);
}

这个对我有用。如果有人需要，我希望这会有所帮助。

score 0 · Accepted Answer

我无法让它工作，所以我建立了自己的。在具有多个组的 OU 中搜索的结果：

Name    Members

    Depth   Object  Path
groupname_users          
    1   user2   
    1   user1   
groupname_admins             
    1   user2   
groupname_group1             
    1   groupname_users 
    2   user2   groupname_users =>
    2   user1   groupname_users =>
groupname_groups             
    1   groupname_group1    
    2   groupname_users groupname_group1 =>
    3   user2   groupname_group1 => groupname_users =>
    3   user1   groupname_group1 => groupname_users =>

使用以下函数创建：

public function ldap_get_groups($ld_prim_group){
    $master = array();
    function ldap_get_group_data($group,$con,$depth,$path,$parent) {

        if ($parentData=ldap_read($con,$group, "(|(objectclass=person)(objectclass=groupOfNames))", array('cn','dn','member','objectclass'))){
            $entry = ldap_get_entries($con, $parentData); #get all info from query
            if($entry['count']>0){ //only if object person / group, will alway return 1 array!
                $obj_group['objectclass']=$entry[0]['objectclass'][0];
                $obj_group['cn']=$entry[0]['cn'][0];
                $obj_group['dn']=$entry[0]['dn'];
                $obj_group['memberCount']=$entry['0']['member']['count'] ?? 0;
                unset($entry['0']['member']['count']);  //remove awefull count key
                $obj_group['member']=$entry[0]['member'] ?? null; //if entry has members than copy to object.
                $obj_group['depth']=$depth;
                $obj_group['path']=$path;
                $parent['dn'] ? $obj_group['parentDN']= $parent['dn']:null; //create parentDN if parent['dn'] exist     
                $parent['cn'] ? $obj_group['parentCN']= $parent['cn']:null;         

                global $master;

                if($depth ==0){ //modify self
                    $master[$depth][$obj_group['cn']]=$obj_group;
                }
                if($depth ==1){ //modify childs
                    //dept 1 = all users / groups under dept 0
                    $obj_group['top']=$parent['cn'];
                    $path .= $obj_group['cn'] . " => " ;
                    $master[1][$obj_group['top']][$obj_group['cn']]=$obj_group;
                }
                if($depth >1) { //modify grandchilds
                    //dept 2,3,4.. = all users / groups under dept 1
                    $obj_group['top']=$parent['top'];
                    $path .= $obj_group['cn'] . " => " ;
                    $master[1][$obj_group['top']][$obj_group['cn']]=$obj_group;
                }


                if($obj_group['objectclass']=='groupOfNames'){
                    #modify for next round  
                    $depth+=1;
                    foreach($obj_group['member'] as $key=>$value){
                        ldap_get_group_data($value,$con,$depth,$path,$obj_group);
                    }

                }   
            }
        }

        else { 
            #invalid primary group
            return null;
        }
    }

    $sr=ldap_search($this->cnx, $ld_prim_group, "(!(objectclass=organizationalUnit))", array('dn'));
    $info = ldap_get_entries($this->cnx, $sr);
    unset($info['count']);  
    foreach($info as $k=>$v){
    if (ldap_get_group_data($v['dn'],$this->cnx,$depth=0,$path="",$parent=null)){

        }
    }
    global $master;
    return  $master;
}

ldap_get_groups("DN_OF_GROUP_OU");

将返回

php - php ldap 获取节点中的所有（递归）活动目录用户

2 回答 2

Related

Reference