PHP LDAP not showing group membership

titos97 0 Newbie Poster

10 Years Ago

I am trying to make authenticate and authorization through windows 2008 active directory . i am able to authenticate and retrive users under direct member but unable to list or link users through member of member. suppose user joe is direct member of Dl-Engineering NS group and user sam is under Dl-Engineering AC group . but Dl-Engineering NS & Dl-Engineering AC are member of Dl-Engineering group so logically user sam & joe belongs to Dl-Engineering group via NS & AC group. But my code unable to find that.

<?php
// Initialize session
session_start();

function authenticate($user, $password) {
    // Active Directory server
    $ldap_host = "10.1.1.7";

    // Active Directory DN
    $ldap_dn = "OU=Users,OU=citrix,DC=testdc,DC=com";

    // Active Directory  Engineering group 
    $ldap_engineer_NS = "DL-Engineering";

    // Active Directory manager group
    $ldap_manager_NS = "DL-Managers";

      // Active Directory warehouse group
    $ldap_warehouse= "Warehouse";

    // Domain, for purposes of constructing $user
    $ldap_usr_dom = "@testdc.com";

    // connect to active directory
    $ldap = ldap_connect($ldap_host);

    // verify user and password
    if($bind = @ldap_bind($ldap, $user . $ldap_usr_dom, $password)) {
        // valid
        // check presence in groups
        $filter = "(sAMAccountName=" . $user . ")";
        $attr = array("memberof");
        $result = ldap_search($ldap, $ldap_dn, $filter, $attr) or exit("Unable to search LDAP server");
        $entries = ldap_get_entries($ldap, $result);
        ldap_unbind($ldap);

        // check groups

        foreach($entries[0]['memberof'] as $grps) {
            // is manager, break loop
            if (strpos($grps, $ldap_manager_NS)) { $access = 2; break; }

             // is  warehouse user
            if (strpos($grps, $ldap_warehouse)) { $access = 3; break; }

            // is  Engineer user
            if (strpos($grps, $ldap_engineer_NS)) { $access =1; break; }
        }



        if ($access == 1) {
            // establish session variables
            $_SESSION['user'] = $user;
            $_SESSION['access'] = $access;


               header("Location: ses.php");
                            return true;
                }

                    if ($access == 2) {
            // establish session variables
            $_SESSION['user'] = $user;
            $_SESSION['access'] = $access;
            header("Location: ses.php");

                return true;
                }

                        if ($access == 3) {
            // establish session variables
            $_SESSION['user'] = $user;
            $_SESSION['access'] = $access;
            header("Location: ses1.php");

                return true;
                }
        else {


            // user has no rights
            return false;
        }

    } else {
        // invalid name or password

        return false;
    }
}
?>

php

1 Contributor
0 Replies
340 Views

Be the first to reply

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.