LDAP AD网域验证...
我采用普通的模式都可以,包括查询用户..
但是今天写一个类,报 ldap_search() [function.ldap-search]: Search: Operatio_n_s error
类的代码如下
$ldapDN,这个是正确的...
ldapBind() 也是可以验证用户名跟密码...
但是查询此用户的详细信息会报错, 网上都提示是因为AD域不支持匿名,但是我加上验证在search...也还报错...
不用类的时候,ldap_bind()后, 是可以的...看后面一段代码
class userldap { private $ldapHost; //AD服务器地址 private $ldapPort; //AD服务器端口 private $ldapDomin; //AD网域 private $ldapDN = "OU=Users,OU=xxx,OU=abc,DC=adv,DC=ccc,DC=com"; //用户列表位置 private $userName; private $passWord; public function __construct($ldapDomin, $ldapHost, $ldapPort, $userName, $passWord) { $this->ldapDomin = $ldapDomin; $this->ldapHost = $ldapHost; $this->ldapPort = $ldapPort; $this->userName = $userName; $this->passWord = $passWord; } private function ldapConnect() { if (!$this->ldapConn = ldap_connect($this->ldapHost, $this->ldapPort)) { $this->showerror = ldap_error($this->ldapConn); } else { $this->ldapConn = ldap_connect($this->ldapHost, $this->ldapPort); } return $this->ldapConn; } public function ldapBind() { if (@ldap_bind($this->ldapConnect(), $this->ldapDomin . '\\' . $this->userName, $this->passWord)) { ldap_bind($this->ldapConnect(), $this->ldapDomin . '\\' . $this->userName, $this->passWord); return TRUE; } else { return FALSE; } } public function getUserinfo() { if ($this->ldapBind()) { ldap_bind($this->ldapConnect(), $this->ldapDomin . '\\' . $this->userName, $this->passWord); $this->adResult = ldap_search($this->ldapConnect(), $this->ldapDN, "(sAMAccountName=$this->userName)"); $this->userInfo = ldap_get_entries($this->ldapConnect(), $this->adResult); //获得查询结果 } else { $this->userInfo = "NA"; } return $this->userInfo; }} if (!$ldap_conn = ldap_connect($ldap_host, $ldap_port)) { $tip = "LADP HOST" . $ldap_host . " CANNOT CONNECT"; } else { if (@ldap_bind($ldap_conn, $doMain . '\\' . $userName, $passWord)) { $query = $db->select("bp_user", "userFullname", "where userNT='$userName'"); if ($row = $db->fetch_array($query)) { $_SESSION['userName'] = $row['0']; $_SESSION['passWord'] = $passwordDb; $db->update("bp_user", "userPassword = '$passwordDb', userLogin=userLogin+1, userLoginip=INET_ATON('$lastip'),userUpdate='$nowtime'", "where userNT='$userName'"); ldap_unbind($ldap_conn) or die("Can't unbind from LDAP server."); $msg = "USERNAME <font color=red>" . $row[0] . "</font> Login In OK"; unset($query); unset($row); Get_admin_msg($lastUrl, $msg, 'main'); } else { $base_dn = "OU=Users,OU=xxx,OU=abc,DC=adv,DC=ccc,DC=com";; $filter_col = "sAMAccountName"; //定义用于查询的列 $filter_val = $userName; //定义用于匹配的值 $result = ldap_search($ldap_conn, $base_dn, "($filter_col=$filter_val)"); //执行查询 $entry = ldap_get_entries($ldap_conn, $result); //获得查询结果 $userFullname = strtoupper($entry[0]['cn'][0]); $userEmail = $entry[0]['mail'][0]; $userDept = $entry[0]['department'][0]; $userCustomer = $entry[0]['roomnumber'][0]; $entry = NULL; $result = NULL; ldap_unbind($ldap_conn) or die("Can't unbind from LDAP server."); $query = NULL; $row = NULL;}那你就看看用类之后,参数是不是正确传递了,就是参数对不对
参数都是一样的....
所以很奇怪...
问题解决掉咯...
还是那个认证的问题...
我不知道是不是可以说成是线程的问题...
调用ldap_search之前必须要满足链接到ldap server并且通过ldap_bind的认证...
而在function里面,ldap_bind后,再进行Ldap_search的时候,再一次链接ldap server,生成的resource ID不一样...并且这个resouce ID没有进行ldap_bind认证...
所以修改的办法就是
调用getUserinfo的这个function的时候,需要再次重新链接ldap服务器并通过认证再获取用户信息,这样就不会报错...
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
