PHP LDAP获取作为组成员的成员的用户详细信息

Question

我正在尝试创建一个 PHP 脚本，该脚本将返回我们 Active Directory 中特定组的每个成员的一些详细信息。

我在连接和显示组成员的姓名 (CN) 时没有问题，但是在显示电话、电子邮件和用户名等详细信息时我就卡住了。

这是我正在尝试的代码。谁能看到我做错了什么？

<?php
$ldap_server = "AD_Server.domain.pri:389";
$auth_user = "user@domain.pri";
$auth_pass = "password";

$base_dn = "OU=IM Groups,OU=GLOBAL,DC=domain,DC=pri";
$filter = "(&(objectCategory=user)(memberOf=IM-ALL_USERS))";

// connect to server
if (!($connect=@ldap_connect($ldap_server))) {
     die("Could not connect to ldap server");
}

// bind to server
if (!($bind = ldap_bind($connect, $auth_user, $auth_pass))) {
     die("Unable to bind to server");
}

// search active directory
if (!($search = ldap_search($connect, $base_dn, $filter))) {
     die("Unable to search ldap server");
}

$number_returned = ldap_count_entries($connect,$search);
$info = ldap_get_entries($connect, $search);

echo "The number of entries returned is ". $number_returned."<p>";

for ($i=0; $i<$info["count"]; $i++) {
   echo "Name is: ". $info[$i]["givenname"][0]."<br>";
   echo "Display name is: ". $info[$i]["displayname"][0]."<br>";
   echo "Email is: ". $info[$i]["mail"][0]."<br>";
   echo "Telephone number is: ". $info[$i]["telephonenumber"][0]."<p>";
}
?>

Answer 1

使用Sam J Levy 创建的出色函数解决了这个问题。

这是最终有效的代码。

<?php

function explode_dn($dn, $with_attributes=0)
{
    $result = ldap_explode_dn($dn, $with_attributes);
    foreach($result as $key => $value) $result[$key] = preg_replace("/\\\([0-9A-Fa-f]{2})/e", "''.chr(hexdec('\\1')).''", $value);
    return $result;
}

function get_members($group,$user,$password) {
    $ldap_host = "LDAPSERVER";
    $ldap_dn = "OU=some_group,OU=some_group,DC=company,DC=com";
    $base_dn = "DC=company,DC=com";
    $ldap_usr_dom = "@company.com";
    $ldap = ldap_connect($ldap_host);

    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION,3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS,0);

    ldap_bind($ldap, $user . $ldap_usr_dom, $password);
    $results = ldap_search($ldap,$ldap_dn, "cn=" . $group);
    $member_list = ldap_get_entries($ldap, $results);

    $dirty = 0;
    $group_member_details = array();

    foreach($member_list[0]['member'] as $member) {
        if($dirty == 0) {
            $dirty = 1;
        } else {
            $member_dn = explode_dn($member);
            $member_cn = str_replace("CN=","",$member_dn[0]);
            $member_search = ldap_search($ldap, $base_dn, "(CN=" . $member_cn . ")");
            $member_details = ldap_get_entries($ldap, $member_search);
            $group_member_details[] = array($member_details[0]['givenname'][0],$member_details[0]['sn'][0],$member_details[0]['telephonenumber'][0],$member_details[0]['othertelephone'][0]);
        }
    }
    ldap_close($ldap);
    return $group_member_details;
}

// Specify the group from where to get members and a username and password with rights to query it
$result = get_members("groupname","username","password");

// The following will create an XML file with the details from $group_member_details
$xml = simplexml_load_string("<?xml version='1.0'?>\n<AddressBook></AddressBook>");
$version = $xml->addChild('version', '1');

foreach($result as $e) {
    $contact = $xml->addChild('Contact');
    $contact->addChild('FirstName', $e[0]);
    $contact->addChild('LastName', $e[1]);
    $phone = $contact->addChild('Phone');
    if ($e[3] == '') {
                $phone->addChild('phonenumber', '0');
        } else {
                $phone->addChild('phonenumber', $e[3]);
        }
    $phone->addChild('accountindex', '0');
    $phone = $contact->addChild('Phone');
    if ($e[2] == '') {
        $phone->addChild('phonenumber', '0');
    } else {
        $phone->addChild('phonenumber', $e[2]);
    }
    $phone->addChild('accountindex', '1');
    $contact->addChild('Group', '0');
    $contact->addChild('PhotoUrl', 'empty');
}

$xml->asXML('phonebook.xml');

?>