Enumerate All LDAP Attributes and Values for a User


Post by mmX »

Hello All,

Just starting with PHP... like... yesterday.

I'm trying to create a page that will use LDAP values to determine what pages/functionality the user is allowed to view, i.e. if the logging user is a memberOf 'Accounting' they get some tools that 'HR' would not.

So, I figured I'd start off by just creating a page that displays all available attributes and their values for the user logging in. Now, I'm really hung up on displaying the values - everything just says 'Array' if I try to use the ldap_get_attributes() function in conjunction with the array that is created from ldap_get_values. I could very well be approaching it all wrong, here we go (most code started from php.net)...

Code:

<html>
<body>
<?php
$logName = $_POST['logName'];
$passwd = $_POST['passwd'];
 
echo "<h3>LDAP query test</h3>";
echo "Connecting ...";
$ds=ldap_connect($IPofMyLDAPServer);  // must be a valid LDAP server!
echo "connect result is " . $ds . "<br />";
 
if ($ds) { 
    echo "Binding ..."; 
    $r=ldap_bind($ds,'domain prefix\\' . $logName,$passwd);
 
    echo "Bind result is " . $r . "<br />";
 
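    echo "Searching for (account=" . htmlspecialchars($logName) . ") ...";
    // Escape the user-supplied name so it cannot change the search filter
    $sr=ldap_search($ds, "DC=subdomain,DC=domain,DC=edu", "(samaccountname=" . ldap_escape($logName, "", LDAP_ESCAPE_FILTER) . ")");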
    echo "Search result is " . $sr . "<br />";
 
    echo "Number of entires returned is " . ldap_count_entries($ds, $sr) . "<br />";
 
    echo "Getting entries ...<p>";
    $info = ldap_get_entries($ds, $sr);
    echo "Data for " . $info["count"] . " items returned:<p>";
 
    for ($i=0; $i<$info["count"]; $i++) {
        echo "dn is: " . $info[$i]["dn"] . "<br />";       
        echo "first cn entry is: " . $info[$i]["cn"][0] . "<br /><br />";
    }
    
    $entry = ldap_first_entry($ds, $sr);
    $attrs = ldap_get_attributes($ds, $entry);
    
    for ($x=0; $x<$info["count"]; $x++){
        for ($y=0; $y<$attrs["count"]; $y++){
            echo $attrs[$y] . " = " . $info[$x][strtolower($attrs[$y])] . "<br />";
        }
        echo "<hr />";
    }    
    
    echo "Closing connection";
    ldap_close($ds);
 
} else {
    echo "<h4>Unable to connect to LDAP server</h4>";
}
?>
 
</body>
</html>
The result I get is as follows:

Code:

 
LDAP query test
Connecting ...connect result is Resource id #2
Binding ...Bind result is 1
Searching for (account=hhsuser1) ...Search result is Resource id #3
Number of entires returned is 1
Getting entries ...
 
Data for 1 items returned:
 
dn is: CN=HHS\,USER1,OU=My OU,OU=Level Up OU,DC=subdomain,DC=domain,DC=EDU
first cn entry is: HHS,USER1
 
objectClass = Array
cn = Array
sn = Array
givenName = Array
distinguishedName = Array
instanceType = Array
whenCreated = Array
whenChanged = Array
displayName = Array
uSNCreated = Array
memberOf = Array
uSNChanged = Array
name = Array
objectGUID = Array
userAccountControl = Array
badPwdCount = Array
codePage = Array
countryCode = Array
badPasswordTime = Array
lastLogoff = Array
lastLogon = Array
scriptPath = Array
pwdLastSet = Array
primaryGroupID = Array
objectSid = Array
accountExpires = Array
logonCount = Array
sAMAccountName = Array
sAMAccountType = Array
userPrincipalName = Array
objectCategory = Array
lastLogonTimestamp = Array
Closing connection
I realize there's an array of values in there for a lot (if not all) of the attributes, I just don't know how to get them out at this point.
Any help would be much appreciated, thanks!
Last edited by mmX on Mon Apr 06, 2009 10:35 am, edited 1 time in total.

Post by mmX »

Okay... so, I'm thinking it's something like this (replacing lines 36 through 41):

Code:

    for ($x=0; $x<$info["count"]; $x++){
        for ($y=0; $y<$attrs["count"]; $y++){
            echo $attrs[$y] . " = ";
            for ($a=0; $a<$info["count"][strtolower($attrs[$y])]; $a++){
                echo $info[$a] . "<br />";
            }
            //echo print_r($info[$x][strtolower($attrs[$y])]) . "<br />";
        }
        echo "<hr />";
    }
but... that 'for ($a=0; $a<$info["count"][strtolower($attrs[$y])]; $a++)' is ALL wrong.
Last edited by mmX on Mon Apr 06, 2009 10:37 am, edited 2 times in total.

Post by pickle »

Just call print_r($info) & you should get everything you need (and probably more).

Also, please wrap your PHP code in [syntax=php][/syntax] tags so we can get syntax highlighting.

Post by mmX »

pickle wrote: Just call print_r($info) & you should get everything you need (and probably more).

Also, please wrap your PHP code in tags so we can get syntax highlighting.
Thanks pickle, I appreciate the response.
pickle wrote: Just call print_r($info) & you should get everything you need (and probably more).
I was using print_r to test; and, the emphasized is what I'm trying to avoid. Is there a 'cleaner' way of getting those values out, without having to parse from the print_r output? Something about dealing with that array is throwing me off...

Post by John Cartwright »

Pickle's suggestion was simply for debugging purposes so that you could see what was being returned inside the array.

It's a bit difficult to suggest anything without seeing the results ourselves, otherwise we can only give general examples.

For instance, a sample print_r() would reveal our test array as something like,

Code:

 
$testarray = array('foo' => 'foovalue', 'bar' => 'barvalue');
print_r($testarray);
 
Array
(
    [foo] => foovalue
    [bar] => barvalue
)

Now we can either access a particular attribute of the said array,

Code:

 
echo 'Foo = '. $testarray['foo'] .'<br>'; //returns Foo = foovalue
echo 'Bar = '. $testarray['bar'] .'<br>'; //returns Bar = barvalue
 
or we can loop the array using one of many looping techniques, the most common:

Code:

 
foreach ($testarray as $key => $value) {
   echo $key .' = '. $value .'<br>'; //same output as the example above
}
 

Post by mmX »

Alright, the foreach() function did it for me; I didn't know how to enumerate the array and foreach() just did it for me.

here's my final code (user information is acquired in a previous form)
(some information changed to protect the innocent!)

Code:

 
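<?php
// Credentials posted from the previous form
$logName = $_POST['logName'];
$passwd = $_POST['passwd'];
    
    //connect to database
    // include 'dbconnect.php';
 
// basic sequence with LDAP is connect, bind, search, interpret search
// result, close connection
 
echo "<h3>LDAP query test</h3>";
echo "Connecting ...";
// Plain LDAP sends the bind password unencrypted; prefer ldaps:// or ldap_start_tls()
$ds=ldap_connect("serverIP");  // must be a valid LDAP server!
// The handle is an object on PHP 8.1+ and cannot be echoed, so print a status instead
echo "connect result is " . ($ds ? "ok" : "failed") . "<br />";
 
if ($ds) { 
    echo "Binding ..."; 
    // Many servers treat a bind with an empty password as an unauthenticated
    // bind that succeeds, so reject an empty password before binding
    $r = is_string($passwd) && $passwd !== '' && ldap_bind($ds,'domainprefix\\' . $logName,$passwd);
 
    echo "Bind result is " . ($r ? "ok" : "failed") . "<br />";
    if (!$r) {
        // Do not search on a connection that is not authenticated
        ldap_close($ds);
        exit("<h4>Bind failed</h4>");
    }
 
    echo "Searching for (account=" . htmlspecialchars($logName) . ") ...";
    // Search by sAMAccountName; escape the value so it cannot alter the filter
    $filter = "(samaccountname=" . ldap_escape($logName, "", LDAP_ESCAPE_FILTER) . ")";
    $sr=ldap_search($ds, "DC=subdomain,DC=domain,DC=edu", $filter);
    echo "Search result is " . ($sr ? "ok" : "failed") . "<br />";
 
    echo "Number of entries returned is " . ldap_count_entries($ds, $sr) . "<br />";
 
    echo "Getting entries ...<p>";
    $info = ldap_get_entries($ds, $sr);
    echo "Data for " . $info["count"] . " items returned:<p>";
 
    for ($i=0; $i<$info["count"]; $i++) {
        echo "dn is: " . htmlspecialchars($info[$i]["dn"]) . "<br />";
        echo "first cn entry is: " . htmlspecialchars($info[$i]["cn"][0]) . "<br /><br />";
    }
    
    // Attribute names of the first entry, in their original case
    $entry = ldap_first_entry($ds, $sr);
    $attrs = ldap_get_attributes($ds, $entry);
    
    for ($x=0; $x<$info["count"]; $x++){
        for ($y=0; $y<$attrs["count"]; $y++){
            // ldap_get_entries() keys attributes by lowercase name
            foreach ($info[$x][strtolower($attrs[$y])] as $k => $v){
                if ($k === "count") continue;  // value counter, not a value
                echo htmlspecialchars($attrs[$y]) . " = ";
                // Directory values are untrusted: escape them for HTML
                echo htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "<br />";
            }
            //echo print_r($info[$x][strtolower($attrs[$y])]) . "<br />";
        }
        echo "<hr />";
    }
 
    echo "Closing connection";
    ldap_close($ds);
 
} else {
    echo "<h4>Unable to connect to LDAP server</h4>";
}
    
?>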
 
Thank you John and pickle!
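
Added example, not part of the original thread and not any poster's code: it walks the nested array that ldap_get_entries() returns, prints binary attributes such as objectGUID as hex, and makes the memberOf decision from the first post by matching the whole group DN. The sample $info data, the group DN and the function names entryToMap, display and inGroup are constructed for illustration.

```php
<?php
// Constructed sample in the shape ldap_get_entries() returns (names are made up).
$info = [
    'count' => 1,
    0 => [
        'count' => 3, 0 => 'cn', 1 => 'memberof', 2 => 'objectguid',
        'dn' => 'CN=HHS\,USER1,OU=My OU,DC=subdomain,DC=domain,DC=edu',
        'cn' => ['count' => 1, 0 => 'HHS,USER1'],
        'memberof' => ['count' => 2,
            0 => 'CN=Accounting,OU=Groups,DC=subdomain,DC=domain,DC=edu',
            1 => 'CN=HR-Accounting-Liaison,OU=Groups,DC=subdomain,DC=domain,DC=edu'],
        'objectguid' => ['count' => 1, 0 => "\x9a\x01\xffB"],  // binary value
    ],
];

// One entry -> [attribute => list of values], without the "count" keys and
// without the numeric indexes that only hold attribute names.
function entryToMap(array $entry): array
{
    $map = [];
    for ($i = 0; $i < $entry['count']; $i++) {
        $name = strtolower($entry[$i]);
        $values = $entry[$name];
        unset($values['count']);
        $map[$name] = array_values($values);
    }
    return $map;
}

// Safe to echo into HTML: binary values as hex, text HTML-escaped.
function display(string $value): string
{
    $isText = preg_match('/^[^\x00-\x08\x0e-\x1f]*$/u', $value) === 1;
    return $isText ? htmlspecialchars($value, ENT_QUOTES, 'UTF-8') : '0x' . bin2hex($value);
}

// Authorisation check: match the whole group DN, never a substring of it.
function inGroup(array $map, string $groupDn): bool
{
    return in_array(strtolower($groupDn), array_map('strtolower', $map['memberof'] ?? []), true);
}

$map = entryToMap($info[0]);
foreach ($map as $name => $values) {
    foreach ($values as $v) {
        echo $name, ' = ', display($v), "<br />\n";
    }
}
$accounting = 'cn=accounting,ou=groups,dc=subdomain,dc=domain,dc=edu'; // assumed group DN
echo inGroup($map, $accounting) ? "Accounting tools: yes\n" : "Accounting tools: no\n";
```

In Active Directory, memberOf lists only direct group memberships and leaves out the primary group, so nested groups need a separate lookup.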