时间戳

首页 > 解决方案 > LDAP 从登录用户那里获取电子邮件地址

php - LDAP 从登录用户那里获取电子邮件地址

问题描述

如何使用 LDAP 从登录用户(用户来自 ActiveDirectory)获取邮件地址。

现在我可以通过 AD 凭据登录,这工作正常。

但我还想从登录用户那里获得电子邮件地址。

如果我可以将它放在一个变量中,那就太好了,因为我想在之后使用它。

认证.php

<?php
function authenticate($user, $password) {
    if(empty($user) || empty($password)) return false;

    $ldap_host = " ipaddres ";
    $ldap_dn = "DC=mydc,DC=mydc";

    $ldap_usr_dom = '@mydc';
    $ldap = ldap_connect(" ipaddress ", 389);

    ldap_set_option($ldap,LDAP_OPT_PROTOCOL_VERSION,3);
    ldap_set_option($ldap,LDAP_OPT_REFERRALS,0);

    if($bind = @ldap_bind($ldap, $user.$ldap_usr_dom, $password)) {

        $filter = "(sAMAccountName=".$user.")";
        $attr = array("mail");
        $result = ldap_search($ldap, $ldap_dn, $filter, $attr) or exit("Unable to search LDAP server");

        $entries = ldap_get_entries($ldap, $result);
        ldap_unbind($ldap);


        foreach($entries[0]['mail'] as $mail) {
            $access = 1;
            if ($mail != ''){
                $_SESSION['mail'] = $mail;
            }
        }

        if($access != 0) {
            $_SESSION['user'] = $user;
            $_SESSION['access'] = $access;
            return true;
        } else {
            return false;
        }

    } else {
        return false;
    }
}
?>

登录.php

<?php
// initialize session
session_start();

include("authenticate.php");

// check to see if user is logging out
if(isset($_GET['out'])) {
    // destroy session
    session_unset();
    $_SESSION = array();
    unset($_SESSION['user'],$_SESSION['access']);
    session_destroy();
}

// check to see if login form has been submitted
if(isset($_POST['userLogin'])){
    // run information through authenticator
    if(authenticate($_POST['userLogin'],$_POST['userPassword']))
    {
        // authentication passed
        header("Location: protected.php");
        die();
    } else {
        // authentication failed
        $error = 1;
    }
}

// output error to user
if(isset($error)) echo "Login failed: Incorrect user name, password, or rights<br />";

// output logout success
if(isset($_GET['out'])) echo "Logout successful";
?>

<form action="login.php" method="post">
    User: <input type="text" name="userLogin" /><br />
    Password: <input type="password" name="userPassword" />
    <input type="submit" name="submit" value="Submit" />
</form>

页面.php

<?php
// initialize session
session_start();

if(!isset($_SESSION['user'])) {
    // user is not logged in, do something like redirect to login.php
    header("Location: login.php");
    die();
}

if($_SESSION['access'] != 2) {
    // another example...
    // user is logged in but not a manager, let's stop him
    header("Location: general.php");
    die();
}
?>

<p>Hi <?= $_SESSION['user'];  $_SESSION['mail']; //there I want to have Hi John Doe (it works) but i don't see mail address?>!</p>


<p><a href="login.php?out=1">Logout</a></p>

标签: phpldap

解决方案

推荐阅读