php ldap搜索查找组的用户成员

Question

我在Centos 7上安装了OPENLDAP。 现在，我尝试创建一个PHP网页，该网页可以帮助我找到用户所在的所有组。

我尝试了此功能，但不起作用：

function get_groups($user) {
    // Active Directory server
    $ldap_host = "127.0.0.1";

    // Active Directory DN, base path for our querying user
    $ldap_dn = "dc=test,dc=local";

    // Active Directory user for querying
    $query_user = "cn=Manager,dc=test,dc=local";
    $password = "mypass";

    // Connect to AD
    $ldap = ldap_connect($ldap_host, $ldap_port) or die("Could not connect to LDAP");
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_bind($ldap,$query_user,$password) or die("Could not bind to LDAP");

    // Search AD
    $results = ldap_search($ldap,$ldap_dn,"($user)",array("memberof","primarygroupid"));
    $entries = ldap_get_entries($ldap, $results);
    // No information found, bad user
    if($entries['count'] == 0) return false;

    // Get groups and primary group token
    $output = $entries[0]['memberof'];

    $token = $entries[0]['primarygroupid'][0];

    // Remove extraneous first entry
    array_shift($output);

    // We need to look up the primary group, get list of all groups
    $results2 = ldap_search($ldap,$ldap_dn,"(objectcategory=group)",array("distinguishedname","primarygrouptoken"));
    $entries2 = ldap_get_entries($ldap, $results2);

    // Remove extraneous first entry
    array_shift($entries2);

    // Loop through and find group with a matching primary group token
    foreach($entries2 as $e) {
        if($e['primarygrouptoken'][0] == $token) {
            // Primary group found, add it to output array
            $output[] = $e['distinguishedname'][0];
            // Break loop
            break;
        }
    }

    return $output;
    ldap_close($ldap);
}

我尝试了其他功能：

function searchMyLDAP($username){
    include_once 'conf/config.inc.php';
    #$ldap_hostname = "127.0.0.1";
    #$ldap_port = "389";
    #$ldap_dn = "cn=Manager,dc=test,dc=local";
    #$ldap_password ="mypass";
    $username = "cn=". $username . "*";

    $ldap_con = ldap_connect($ldap_hostname,$ldap_port);

    ldap_set_option($ldap_con, LDAP_OPT_PROTOCOL_VERSION, 3);

    if(ldap_bind($ldap_con, $ldap_dn, $ldap_password)){

        #$filter = "(cn=Albert Einstein)";
        #$result = ldap_search($ldap_con,"dc=example,dc=com",$filter) or exit("Unable to search");
        $result = ldap_search($ldap_con,$ldap_search,$username) or exit("Unable to search");

        $entries = ldap_get_entries($ldap_con, $result);

        print "<pre>";
        print_r ($entries);
        print "</pre>";
    } else {
        echo "Invalid user/pass or other errors!";
    }
    ldap_close($ldap_con);
}

但是它不会返回组成员信息。

我尝试使用samaccountname，但不起作用，如何在我的openldap中为我的用户看到此值？ 我使用phpldapadmin通过web管理我的openldap服务器。