Reading members of Security Group w/in LDAP - HELP

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

User avatar
labmixz
Forum Newbie
Posts: 18
Joined: Tue Apr 25, 2006 12:14 pm
Location: tampa ~ fl
Contact:

Post by labmixz »

pickle wrote:It may be case sensitive. You said you were checking memberOf, and in the example it's memberof. May be significant.
This is true, but just tried it all lower case, still receiving nothing back.
User avatar
labmixz
Forum Newbie
Posts: 18
Joined: Tue Apr 25, 2006 12:14 pm
Location: tampa ~ fl
Contact:

Post by labmixz »

Well, I got some new results...

Filter set to:

Code: Select all

$filter = "(cn=*)";
With the search set to:

Code: Select all

$sr=ldap_search($ds,"cn=sAdministrative,ou=Administrative,ou=Employees,dc=domain,dc=com",$filter);
It returns all the attributes of the group, including the members, but I can't get it it to just display the members, yet...
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Post by pickle »

This sounds kind of ridicluous (but it's Microsoft so who knows), change your filter to not look for memberof=sAdministrative, but rather the whole string: memberof=CN=sAdministrative,OU=Administrative,OU=Employees,DC=domain,DC=com

I gotta admit, I'm running out of ideas.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
User avatar
labmixz
Forum Newbie
Posts: 18
Joined: Tue Apr 25, 2006 12:14 pm
Location: tampa ~ fl
Contact:

Post by labmixz »

See my post above you last on, here is in short what it returns:

Code: Select all

Array
(
    [count] => 1
    [0] => Array
        (
            [objectclass] => Array
                (
                    [count] => 2
                    [0] => top
                    [1] => group
                )

            [0] => objectclass
            [cn] => Array
                (
                    [count] => 1
                    [0] => sAdministrative
                )

            [1] => cn
            [member] => Array
                (
                    [count] => 21
                    [0] => CN=User1,OU=Administrative,OU=Employees,DC=domain,DC=com
                    [1] => CN=User2,OU=Administrative,OU=Employees,DC=domain,DC=com
                    [2] => CN=User3,OU=Administrative,OU=Employees,DC=domain,DC=com
                    [3] => CN=User4,OU=Administrative,OU=Employees,DC=domain,DC=com
                    [4] => CN=User5,OU=Disabled User Accounts,DC=domain,DC=com
                    [5] => CN=User6,OU=Administrative,OU=Employees,DC=domain,DC=com
                    [6] => CN=User7,OU=Administrative,OU=Employees,DC=domain,DC=com
                    [7] => CN=User8,OU=Administrative,OU=Employees,DC=domain,DC=com
                    [8] => CN=User9,OU=Disabled User Accounts,DC=domain,DC=com
                    [9] => CN=User10,OU=Administrative,OU=Employees,DC=domain,DC=com
                    [10] => CN=User11,OU=Administrative,OU=Employees,DC=domain,DC=com
                    [11] => CN=User12,OU=Administrative,OU=Employees,DC=domain,DC=com
                    [12] => CN=User13,OU=Administrative,OU=Employees,DC=domain,DC=com
                    [13] => CN=User14,OU=Disabled User Accounts,DC=domain,DC=com
                    [14] => CN=User15,OU=Administrative,OU=Employees,DC=domain,DC=com
                    [15] => CN=User16,OU=Administrative,OU=Employees,DC=domain,DC=com
                    [16] => CN=User17,OU=Reception,OU=Administrative,OU=Employees,DC=domain,DC=com
                    [17] => CN=User18,OU=Reception,OU=Administrative,OU=Employees,DC=domain,DC=com
                    [18] => CN=User19,OU=Administrative,OU=Employees,DC=domain,DC=com
                    [19] => CN=User20,OU=Administrative,OU=Employees,DC=domain,DC=com
                    [20] => CN=User21,OU=Executive,OU=Employees,DC=domain,DC=com
                )

            [2] => member
            [distinguishedname] => Array
                (
                    [count] => 1
                    [0] => CN=sAdministrative,OU=Administrative,OU=Employees,DC=domain,DC=com
                )

            [3] => distinguishedname
            [instancetype] => Array
                (
                    [count] => 1
                    [0] => 4
                )
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Post by pickle »

Perfect, just iterate through $info[0]['member'] then right? If you don't want that other stuff returned, just send along an array of attributes you want as your 4th argument.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
User avatar
labmixz
Forum Newbie
Posts: 18
Joined: Tue Apr 25, 2006 12:14 pm
Location: tampa ~ fl
Contact:

Post by labmixz »

pickle wrote:Perfect, just iterate through $info[0]['member'] then right? If you don't want that other stuff returned, just send along an array of attributes you want as your 4th argument.
Exactly what I was trying... I got it down to the array, just can't get it to show the CN only, I'm still playing with it.
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Post by pickle »

I really don't think you can do that. I've never been able to do get just that. It's pretty simple to run each member through a regex though:

Code: Select all

$info = $ldap_results[0]['member'];
$info = array_shift($info);
$pattern = '/CN=(\w*?),.*/i'
foreach($info as $full_name)
{
  preg_match($pattern,$full_name,$matches);
  $member_cns[] = $matches[1];
}
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
Post Reply