PHP operations on AD and adLDAP APIs and Examples


This article describes how to use PHP to operate on Active Directory (AD).
Tool: adLDAP.php
Download location: http://adldap.sourceforge.net/download.php
API (the following is taken from http://adldap.sourceforge.net; my translation skills are limited, so please point out anything that is wrong)
Constructor($options = array()) // constructor
You can specify the AD settings by configuring the variables in the class, or override them by passing the $options array when the class is instantiated.
It is called like $object = new adLDAP($options); where $options is an array made up of one or more of the following keys:

account_suffix
Default value: "@mydomain.local"
The full account suffix for the domain.

base_dn
Default value: "DC=mydomain,DC=local"
The base DN of the domain. It is generally the same as the account suffix, but split up and prefixed with "DC=". The base DN can be found in the extended attributes in the Active Directory Users and Computers MMC.
If users authenticate normally but information cannot be looked up, it is generally because an incorrect base_dn is specified.

domain_controllers
Default value: array("dc01.mydomain.local")
An array of domain controllers. If you want the class to balance queries across several controllers, specify more than one in this array. Remember that the class will still send requests to a domain controller that is offline, because it implements only load balancing, not fault tolerance.

ad_username
Default value: NULL
By default, adLDAP performs queries with the permissions of the authenticated user account. You can specify a user account with higher permissions to perform privileged operations.

ad_password
Default value: NULL
The password of ad_username.

real_primarygroup
Overwrite the primary group using "Domain Users"

use_ssl
Default value: false
adLDAP can use LDAP over SSL to provide additional functions such as changing passwords. Setting this option to true is not enough on its own: you must also configure the corresponding options on your domain controller and web server. For more information, see the SSL LDAP options.

recursive_groups
Default value: true
Query group membership recursively.
For example, suppose user Fred is a member of the "Business Unit" group, "Business Unit" is a member of the "Department" group, and "Department" is a member of the "Company" group.
user_ingroup("Fred", "Company") returns true when this option is enabled; otherwise it returns false.
------------------------ Main operation methods
authenticate($username, $password, $prevent_rebind = false)
Verifies a user's username/password against the domain controller.

group_add_group($parent, $child)
Adds a child group to the parent group. Returns true or false.

group_add_user($group, $username)
Adds a user to a group. Returns true or false.

group_create($attributes)
Creates a group with the specified attributes. Returns true or false.

Attribute     Req  Notes
group_name    *
container     *
description

group_del_group($parent, $child)
Removes a child group from the parent group. Returns true or false.

group_del_user($group, $users)
Removes a user from a group. Returns true or false.

group_info($group_name, $fields = NULL)
Returns an array of information about the specified group. The group name is case sensitive.
Default fields include member, memberof, description, distinguishedname, objectcategory, samaccountname

user_create($attributes)
Creates a user. Returns true on success or false on failure.

Attribute        Req  Notes
username         *
firstname        *
surname          *
email            *    Email address, not Exchange mailbox.
container        *    The folder in AD to add the user.
address_city
address_code
address_pobox
address_state
address_street
change_password       0 = no password change required; 1 = the password must be changed at next logon.
company               Company name.
department
description
display_name
enabled               0 is disabled, 1 is enabled.
expires               Account expiry time (unix timestamp).
home_directory
home_drive
initials
logon_name            The logon name, where it differs from the username.
manager
office
password              The password can only be set over SSL. It must also meet the password policy for your domain.
profile_path
script_path
title
telephone
web_page

user_delete($username)
Deletes a user. Returns true or false.

user_groups($username, $recursive = NULL)
Returns information about the groups the user belongs to.

If $recursive is true, the group list is resolved recursively.

user_info($username, $fields = NULL)
Returns an array of information about the specified user. $fields must be an array.
Default fields: samaccountname, mail, memberof, department, displayname, telephonenumber, primarygroupid
To view all available information, call this function with $fields set to "*".
This function returns a limited set of results. Unless the currently authenticated account is an administrator, a user cannot query another user's "memberof" field unless they are the manager of the container.

user_ingroup($username, $group, $recursive = NULL)
Returns true or false depending on whether the user belongs to the group.
Like the user_info() function, this function returns valid results only when the authenticated user is an administrator.

user_modify($username, $attributes)
Modifies the user's attributes. Returns true or false.

user_password($username, $password)
Sets the password of the specified user. LDAPS is required.

computer_info($computer_name, $fields = NULL)
Returns the details of the specified computer.

all_users($include_desc = false, $search = "*", $sorted = true)
Returns a list of all users in AD; this may not work in a large directory.

all_groups($include_desc = false, $search = "*", $sorted = true)
Returns a list of all groups in AD; this may not work in a large directory.
Samples:
Login
<?php
include "adLDAP.php";
$config['account_suffix'] = '@xxx.com'; // domain account suffix
$config['adserver'] = array('192.168.1.10', '192.168.1.1'); // domain controllers; if there is only one, use array('192.168.1.10')
$config['base_dn'] = 'cn=users,dc=xxx,dc=com';
// ad_password is left empty here; fill in the password of the ad_username account
$adldap = new adLDAP(array('domain_controllers' => $config['adserver'], 'account_suffix' => $config['account_suffix'], 'base_dn' => $config['base_dn'], 'ad_username' => 'admin', 'ad_password' => ''));
// $adldap is an object, so this test only confirms that the class was instantiated;
// to check an individual user's credentials, call authenticate($username, $password)
if ($adldap)
{
    echo "Logon successful";
}
else
{
    echo "Logon failed";
}
?>
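The authenticate() and user_ingroup() calls and the use_ssl and recursive_groups options described above, combined into a login check. This is an added example, not code from the original article or from the adLDAP project; ad_login(), the 'WebAdmins' group, the username pattern and the AD_BIND_USER / AD_BIND_PASS environment variables are assumptions made for illustration.

```php
<?php
// Added example (not adLDAP's own code). ad_login(), the 'WebAdmins' group
// and the AD_BIND_* environment variables are hypothetical names.
include "adLDAP.php";

// True only if the credentials are valid AND the user is in $required_group.
function ad_login($adldap, $username, $password, $required_group)
{
    // A simple bind with an empty password can be accepted by the server as
    // an unauthenticated (anonymous) bind, so refuse it before any bind.
    if (!is_string($username) || !is_string($password)
        || $username === '' || $password === '') {
        return false;
    }
    // Assumed policy: bare sAMAccountName only, so no account suffix and no
    // LDAP filter metacharacters such as * ( ) \ reach the directory query.
    if (!preg_match('/^[A-Za-z0-9._-]{1,20}$/', $username)) {
        return false;
    }
    // $prevent_rebind keeps its default (false), so the group query below
    // can run with the ad_username account's permissions.
    if (!$adldap->authenticate($username, $password)) {
        return false;
    }
    // With recursive_groups enabled, nested membership also counts.
    return $adldap->user_ingroup($username, $required_group) === true;
}

$adldap = new adLDAP(array(
    'domain_controllers' => array('192.168.1.10', '192.168.1.1'),
    'account_suffix'     => '@xxx.com',
    'base_dn'            => 'cn=users,dc=xxx,dc=com',
    'use_ssl'            => true,  // needs LDAPS set up on the DC and web server
    'recursive_groups'   => true,
    'ad_username'        => getenv('AD_BIND_USER'),  // keep secrets out of source
    'ad_password'        => getenv('AD_BIND_PASS'),
));

$user = isset($_POST['username']) ? $_POST['username'] : '';
$pass = isset($_POST['password']) ? $_POST['password'] : '';
// Same message for every failure, so the reply does not reveal which check failed.
echo ad_login($adldap, $user, $pass, 'WebAdmins') ? "Logon successful" : "Logon failed";
?>
```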
List all users
<?php
echo "<b>All users</b><br>";
foreach ($adldap->all_users() as $val)
{
    // escape directory data before writing it into HTML
    echo htmlspecialchars($val) . "<br>";
}
?>
List all groups
<?php
echo "<b>Groups</b><br>";
foreach ($adldap->all_groups() as $val)
{
    // escape directory data before writing it into HTML
    echo htmlspecialchars($val) . "<br>";
}
?>
Print information about a user
<?php
print_r($adldap->user_info("wang"));
?>
Create user
<?php
// attribute keys are the lowercase names listed under user_create()
if ($adldap->user_create(array('username' => 'tonix', 'firstname' => 'firstname', 'surname' => "surname", 'email' => 'e@123.com', 'container' => 'Container')))
{
    echo "OK";
}
else
{
    echo "error";
}
?>
Create group
<?php
// group_create() takes an array of attributes, not a string
if ($adldap->group_create(array('group_name' => 'test', 'container' => 'www')))
{
    echo "OK";
}
else
{
    echo "error";
}
?>

Author: "flying life"
 
