PHP LDAP Get user details of member which is a member of a group


Worked it out using an excellent function created by Sam J Levy.

Here's the final code that worked.

<?php

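// Split a DN into its components and decode the \XX hex escapes
// that ldap_explode_dn() leaves in the values.
function explode_dn($dn, $with_attributes=0)
{
    $result = ldap_explode_dn($dn, $with_attributes);
    // The /e (eval) modifier of preg_replace() was removed in PHP 7; use a callback instead.
    foreach($result as $key => $value) {
        $result[$key] = preg_replace_callback('/\\\\([0-9A-Fa-f]{2})/', function ($m) {
            return chr(hexdec($m[1]));
        }, $value);
    }
    return $result;
}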

function get_members($group,$user,$password) {
    $ldap_host = "LDAPSERVER";
    $ldap_dn = "OU=some_group,OU=some_group,DC=company,DC=com";
    $base_dn = "DC=company,DC=com";
    $ldap_usr_dom = "@company.com";
    $ldap = ldap_connect($ldap_host);

    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION,3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS,0);

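    // Stop if the bind fails instead of searching on an unauthenticated connection.
    if (!ldap_bind($ldap, $user . $ldap_usr_dom, $password)) {
        ldap_close($ldap);
        return array();
    }
    // Escape the group name so characters such as ( ) * \ cannot alter the filter.
    $results = ldap_search($ldap,$ldap_dn, "(cn=" . ldap_escape($group, "", LDAP_ESCAPE_FILTER) . ")");
    $member_list = ldap_get_entries($ldap, $results);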

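    $group_member_details = array();

    foreach($member_list[0]['member'] as $key => $member) {
        // ldap_get_entries() puts a 'count' element first; skip it.
        if($key === 'count') {
            continue;
        }
        $member_dn = explode_dn($member);
        $member_cn = str_replace("CN=","",$member_dn[0]);
        // Escape the CN: a name containing ( ) * or \ would otherwise break or change the filter.
        $member_search = ldap_search($ldap, $base_dn, "(CN=" . ldap_escape($member_cn, "", LDAP_ESCAPE_FILTER) . ")");
        $member_details = ldap_get_entries($ldap, $member_search);
        if($member_details['count'] == 0) {
            continue;
        }
        $entry = $member_details[0];
        $row = array();
        // Attributes that are not set on an entry are absent from the array; default them to ''.
        foreach(array('givenname','sn','telephonenumber','othertelephone') as $attr) {
            $row[] = isset($entry[$attr][0]) ? $entry[$attr][0] : '';
        }
        $group_member_details[] = $row;
    }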
    ldap_close($ldap);
    return $group_member_details;
}

// Specify the group from where to get members and a username and password with rights to query it
$result = get_members("groupname","username","password");

// The following will create an XML file with the details from $group_member_details
$xml = simplexml_load_string("<?xml version='1.0'?>\n<AddressBook></AddressBook>");
$version = $xml->addChild('version', '1');

foreach($result as $e) {
    $contact = $xml->addChild('Contact');
    $contact->addChild('FirstName', $e[0]);
    $contact->addChild('LastName', $e[1]);
    $phone = $contact->addChild('Phone');
    if ($e[3] == '') {
        $phone->addChild('phonenumber', '0');
    } else {
        $phone->addChild('phonenumber', $e[3]);
    }
    $phone->addChild('accountindex', '0');
    $phone = $contact->addChild('Phone');
    if ($e[2] == '') {
        $phone->addChild('phonenumber', '0');
    } else {
        $phone->addChild('phonenumber', $e[2]);
    }
    $phone->addChild('accountindex', '1');
    $contact->addChild('Group', '0');
    $contact->addChild('PhotoUrl', 'empty');
}

$xml->asXML('phonebook.xml');

?>
Author by

Brigante

Updated on February 25, 2020

Comments

  • Brigante about 4 years

    I'm trying to create a PHP script that will return some details of each member that is part of a specific group in our Active Directory.

    I have no problem connecting and displaying the names (CN) of the group members, but when it comes to displaying details such as telephone, email and username I'm stuck.

    Here's my code I'm trying with. Can anyone see what I'm doing wrong?

    <?php
    $ldap_server = "AD_Server.domain.pri:389";
    $auth_user = "[email protected]";
    $auth_pass = "password";
    
    $base_dn = "OU=IM Groups,OU=GLOBAL,DC=domain,DC=pri";
    $filter = "(&(objectCategory=user)(memberOf=IM-ALL_USERS))";
    
    // connect to server
    if (!($connect=@ldap_connect($ldap_server))) {
         die("Could not connect to ldap server");
    }
    
    // bind to server
    if (!($bind = ldap_bind($connect, $auth_user, $auth_pass))) {
         die("Unable to bind to server");
    }
    
    // search active directory
    if (!($search = ldap_search($connect, $base_dn, $filter))) {
         die("Unable to search ldap server");
    }
    
    $number_returned = ldap_count_entries($connect,$search);
    $info = ldap_get_entries($connect, $search);
    
    echo "The number of entries returned is ". $number_returned."<p>";
    
    for ($i=0; $i<$info["count"]; $i++) {
       echo "Name is: ". $info[$i]["givenname"][0]."<br>";
       echo "Display name is: ". $info[$i]["displayname"][0]."<br>";
       echo "Email is: ". $info[$i]["mail"][0]."<br>";
       echo "Telephone number is: ". $info[$i]["telephonenumber"][0]."<p>";
    }
    ?>
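
Added example, not part of the original question or answer: a single-search variant that filters on memberOf with the group's full DN (Active Directory stores distinguished names in that attribute), escapes the DN for filter context with ldap_escape(), and defaults attributes that are missing from an entry. The function names, the group DN and the sample entries are constructed for illustration; ldap_escape() needs PHP 5.6+ with the LDAP extension.

```php
<?php
// Build a filter matching user objects that are direct members of $groupDn.
// memberOf holds DNs, so the value is the group's DN, escaped for filter context.
function member_of_filter($groupDn)
{
    return '(&(objectCategory=user)(memberOf='
        . ldap_escape($groupDn, '', LDAP_ESCAPE_FILTER) . '))';
}

// Pull the wanted attributes out of an ldap_get_entries() result,
// defaulting attributes that are absent on an entry to ''.
function entries_to_rows(array $entries, array $attrs)
{
    $rows = array();
    for ($i = 0; $i < $entries['count']; $i++) {
        $row = array();
        foreach ($attrs as $attr) {
            $key = strtolower($attr); // ldap_get_entries() lowercases attribute names
            $row[$attr] = isset($entries[$i][$key][0]) ? $entries[$i][$key][0] : '';
        }
        $rows[] = $row;
    }
    return $rows;
}

// Constructed group DN with parentheses, which are special inside a filter.
$groupDn = 'CN=IM-ALL_USERS (EU),OU=IM Groups,OU=GLOBAL,DC=domain,DC=pri';
echo member_of_filter($groupDn), "\n";

// Constructed data in the shape ldap_get_entries() returns; the second entry has no phone.
$entries = array(
    'count' => 2,
    0 => array('givenname'       => array('count' => 1, 0 => 'Ann'),
               'telephonenumber' => array('count' => 1, 0 => '555-0100')),
    1 => array('givenname'       => array('count' => 1, 0 => 'Bob')),
);
print_r(entries_to_rows($entries, array('givenName', 'telephoneNumber')));

// Against a live directory ($ldap is assumed to be a bound connection):
// $attrs   = array('givenName', 'telephoneNumber');
// $search  = ldap_search($ldap, $base_dn, member_of_filter($groupDn), $attrs);
// $entries = ldap_get_entries($ldap, $search);
```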