I'm trying to get all users' full names from Active Directory based on a certain logon script (ex: "Staff") in their profile in Active Directory, not based on organizational units.

Here is my code:

<?php
// active directory 
$ldap_host    = "xxx";
$ldap_port    = "xxx";
// Active Directory DN
$ldap_dn[]    = "ou=Staff,DC=xxx,DC=xxx,DC=xx";
$ldap_dn[]    = "ou=Faculty,DC=xxx,DC=xxx,DC=xx";
// Domain, for purposes of constructing $user
$ldap_usr_dom = "@xxx.xxx.xx";
// connect to active directory
$ldap         = ldap_connect($ldap_host, $ldap_port);
$ldap_id[]    = $ldap;
$ldap_id[]    = $ldap;
$username     = "xxx";
$password     = "xxx";
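// initialise so the code below is safe when the bind or the search returns nothing
$ad_users     = array();
$search       = null;
// verify user and password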
if ($bind = @ldap_bind($ldap, $username . $ldap_usr_dom, $password)) {
    $filter = "(objectCategory=person)";
    $result = ldap_search($ldap_id, $ldap_dn, $filter) or exit("Unable to search LDAP server");
    foreach ($result as $value) {
        if (ldap_count_entries($ldap, $value) > 0) {
            $search = $value;
            break;
        }
    }

    if ($search) {
        $entries = ldap_get_entries($ldap, $search);
        for ($x = 0; $x < $entries['count']; $x++) {
            if (!empty($entries[$x]['cn'][0])) {
                $ad_users[$x] = $entries[$x]['cn'][0];
                print_r($ad_users);
                echo $ad_users[$x]."<br>";
            }
        }
    }
    ldap_unbind($ldap); // Clean up after ourselves.
}

$m = "Retrieved " . count($ad_users) . " Active Directory users\n";
echo $m;
?>

My code retrieves all users under the Staff unit with different logon scripts; some are Staff and others are User.

Learner

1 Answer

You could try, for the ldap filter, the following perhaps:

$script='staff.vbs';
$filter = "(&(objectCategory=person)(objectClass=user)(scriptPath={$script}))";
Professor Abronsius
  • Sir, last question: what if the logon script is more than one word, say for example: Staff and Staff_Logos. How to edit your lines? – Learner Dec 22 '15 at 07:55
  • You should, probably, be able to use wildcards within the expression. http://stackoverflow.com/questions/9564120/using-wildcards-in-ldap-search-filters-queries or http://forums.asp.net/t/1029112.aspx?How+to+query+LDAP+using+LIKE+statement – Professor Abronsius Dec 22 '15 at 08:01
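
The filter from the answer and the multi-name case from the comments, as an added example that is not code from the question or the answer. `build_script_filter` is a hypothetical helper; it matches on the `scriptPath` attribute used in the answer and escapes each name with PHP's `ldap_escape()` so that a value taken from user input cannot change the structure of the filter.

```php
<?php
// Added example: builds an Active Directory filter on scriptPath from one or
// more logon script names. build_script_filter() is a hypothetical helper.

/**
 * @param string[] $scripts     logon script names to match
 * @param bool     $prefixMatch true: match any scriptPath that starts with a name
 * @return string LDAP filter for use with ldap_search()
 */
function build_script_filter(array $scripts, $prefixMatch = false)
{
    if (count($scripts) === 0) {
        throw new InvalidArgumentException('at least one script name is required');
    }

    $clauses = '';
    foreach ($scripts as $script) {
        // LDAP_ESCAPE_FILTER encodes \ * ( ) and NUL, so the value stays a literal
        $value = ldap_escape($script, '', LDAP_ESCAPE_FILTER);
        // The wildcard is appended after escaping so it remains a real wildcard
        $clauses .= '(scriptPath=' . $value . ($prefixMatch ? '*' : '') . ')';
    }

    // (|...) is a logical OR across the script names
    if (count($scripts) > 1) {
        $clauses = '(|' . $clauses . ')';
    }

    return '(&(objectCategory=person)(objectClass=user)' . $clauses . ')';
}

// Exact match on either of the two names from the comment thread
echo build_script_filter(array('Staff', 'Staff_Logos')), "\n";

// Prefix match: one clause that covers both Staff and Staff_Logos
echo build_script_filter(array('Staff'), true), "\n";

// Constructed input containing filter metacharacters: they are encoded,
// so the result is still a single scriptPath comparison
echo build_script_filter(array('Staff)(cn=*')), "\n";
```

The returned string can be passed as `$filter` to the `ldap_search()` call in the question.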