
ldap_search() [function.ldap-search]: Search: Operations error

程序员文章站 2024-01-14 14:22:04
LDAP AD domain authentication...

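In plain procedural style everything works, including looking up users..
But today I wrote a class, and it reports ldap_search() [function.ldap-search]: Search: Operations error

The class code is as follows

$ldapDN is correct...
ldapBind() can also verify the username and password...
But querying this user's details throws the error. Everything online says it is because the AD domain does not support anonymous access, but even after I added authentication before the search... it still fails...

Without the class, after ldap_bind(), it works... see the second piece of code below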

class userldap {
    private $ldapHost; // AD server address
    private $ldapPort; // AD server port
    private $ldapDomin; // AD domain
    private $ldapDN = "OU=Users,OU=xxx,OU=abc,DC=adv,DC=ccc,DC=com"; // location of the user list
    private $userName;
    private $passWord;
    // properties the methods below assign to
    private $ldapConn;
    private $showerror;
    private $adResult;
    private $userInfo;

    public function __construct($ldapDomin, $ldapHost, $ldapPort, $userName, $passWord) {
        $this->ldapDomin = $ldapDomin;
        $this->ldapHost = $ldapHost;
        $this->ldapPort = $ldapPort;
        $this->userName = $userName;
        $this->passWord = $passWord;
    }

    // every call creates and returns a new connection handle
    private function ldapConnect() {
        if (!$this->ldapConn = ldap_connect($this->ldapHost, $this->ldapPort)) {
            $this->showerror = ldap_error($this->ldapConn);
        } else {
            $this->ldapConn = ldap_connect($this->ldapHost, $this->ldapPort);
        }
        return $this->ldapConn;
    }

    public function ldapBind() {
        if (@ldap_bind($this->ldapConnect(), $this->ldapDomin . '\\' . $this->userName, $this->passWord)) {
            ldap_bind($this->ldapConnect(), $this->ldapDomin . '\\' . $this->userName, $this->passWord);
            return TRUE;
        } else {
            return FALSE;
        }
    }

    public function getUserinfo() {
        if ($this->ldapBind()) {
            ldap_bind($this->ldapConnect(), $this->ldapDomin . '\\' . $this->userName, $this->passWord);
            // the search and the read below each call ldapConnect() again
            // the user name is escaped so it cannot alter the filter
            $this->adResult = ldap_search($this->ldapConnect(), $this->ldapDN, "(sAMAccountName=" . ldap_escape($this->userName, '', LDAP_ESCAPE_FILTER) . ")");
            $this->userInfo = ldap_get_entries($this->ldapConnect(), $this->adResult); // get the query results
        } else {
            $this->userInfo = "NA";
        }
        return $this->userInfo;
    }
}



if (!$ldap_conn = ldap_connect($ldap_host, $ldap_port)) {
    $tip = "LADP HOST" . $ldap_host . " CANNOT CONNECT";
} else {
    if (@ldap_bind($ldap_conn, $doMain . '\\' . $userName, $passWord)) {
        // $userName goes into the SQL text as-is; $db is the poster's own wrapper
        $query = $db->select("bp_user", "userFullname", "where userNT='$userName'");
        if ($row = $db->fetch_array($query)) {
            $_SESSION['userName'] = $row['0'];
            $_SESSION['passWord'] = $passwordDb;
            $db->update("bp_user", "userPassword = '$passwordDb', userLogin=userLogin+1, userLoginip=INET_ATON('$lastip'),userUpdate='$nowtime'", "where userNT='$userName'");
            ldap_unbind($ldap_conn) or die("Can't unbind from LDAP server.");
            $msg = "USERNAME " . $row[0] . " Login In OK";
            unset($query);
            unset($row);
            Get_admin_msg($lastUrl, $msg, 'main');
        } else {
            $base_dn = "OU=Users,OU=xxx,OU=abc,DC=adv,DC=ccc,DC=com";
            $filter_col = "sAMAccountName"; // attribute used for the query
            $filter_val = ldap_escape($userName, '', LDAP_ESCAPE_FILTER); // value to match, escaped for use in a filter
            $result = ldap_search($ldap_conn, $base_dn, "($filter_col=$filter_val)"); // run the query on the bound connection
            $entry = ldap_get_entries($ldap_conn, $result); // get the query results
            $userFullname = strtoupper($entry[0]['cn'][0]);
            $userEmail = $entry[0]['mail'][0];
            $userDept = $entry[0]['department'][0];
            $userCustomer = $entry[0]['roomnumber'][0];
            $entry = NULL;
            $result = NULL;
            ldap_unbind($ldap_conn) or die("Can't unbind from LDAP server.");
            $query = NULL;
            $row = NULL;
        }
    }
}


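Replies (solution)

Then check whether the parameters are passed correctly once you use the class, i.e. whether the parameters are right

The parameters are all the same....
So it's very strange...

Problem solved...
It was that authentication issue after all...

I don't know whether this could be called a thread issue...
Before calling ldap_search you must already be connected to the LDAP server and have passed ldap_bind authentication...

But inside the function, after ldap_bind, when ldap_search runs it connects to the LDAP server once more, and the resource ID that produces is different... and that resource ID has not gone through ldap_bind authentication...

So the fix is:
when calling the getUserinfo function, you need to connect to the LDAP server again and authenticate before fetching the user info, and then the error no longer occurs...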
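
The fix described in the thread (connect, bind, and search on the same handle), as an added example that is not part of the original posts. The class name `AdDirectory`, its method names, the URI parameter and the attribute list are hypothetical, and PHP 8 with the ldap extension is assumed.

```php
<?php
// Added example, not the original poster's code; names are hypothetical.
final class AdDirectory
{
    private $conn = null; // the one handle that bind() and getUserInfo() share

    public function __construct(
        private string $domain,
        private string $uri,    // placeholder, e.g. "ldaps://dc.example.com:636";
                                // a simple bind over ldap:// sends the password in clear text
        private string $baseDn
    ) {}

    public function bind(string $user, string $password): bool
    {
        // An empty password makes a simple bind unauthenticated, which many
        // directory servers accept, so it must never count as a login.
        if ($user === '' || $password === '') {
            return false;
        }
        $conn = ldap_connect($this->uri);
        if ($conn === false) {
            return false;
        }
        ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
        if (!@ldap_bind($conn, $this->domain . '\\' . $user, $password)) {
            return false;
        }
        $this->conn = $conn; // keep the authenticated handle
        return true;
    }

    public function getUserInfo(string $user): ?array
    {
        if ($this->conn === null) {
            return null; // never search on a handle that has not been bound
        }
        // Escape the value so it cannot change the structure of the filter.
        $filter = '(sAMAccountName=' . ldap_escape($user, '', LDAP_ESCAPE_FILTER) . ')';
        $result = @ldap_search($this->conn, $this->baseDn, $filter, ['cn', 'mail', 'department']);
        if ($result === false) {
            return null;
        }
        $entries = ldap_get_entries($this->conn, $result);
        return ($entries && $entries['count'] > 0) ? $entries[0] : null;
    }
}
```

Call `bind()` once and then `getUserInfo()` on the same object, so the search runs on the handle that was authenticated rather than on a fresh, unbound one.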