Reputation: 11295
ldap active directory PHP filter
I want list members by some CN
I'm usign filter, it's work:
$filter="(&(objectCategory=user)(sAMAccountName=username)(memberOf=CN=g_jira,OU=Jira,OU=Groups,DC=office,DC=lamoda,DC=ru))";
$result = ldap_search($ldap,"DC=office,DC=example,DC=ru",$filter);
ldap_sort($ldap,$result,"sn");
$info = ldap_get_entries($ldap, $result);
var_dump($info);
It's not work for me, when I try to search user only by CN.
$filter="(&(objectCategory=user)(sAMAccountName=username)(memberOf=CN=g_jira*))";
$result = ldap_search($ldap,"DC=office,DC=example,DC=ru",$filter);
ldap_sort($ldap,$result,"sn");
$info = ldap_get_entries($ldap, $result);
var_dump($info);
In 2 example I'm getting count = 0, what is worng with my example, how to provide only CN in filter and get some result as in 1 example ?
Upvotes: 1
Views: 1496
Answers (1)
Reputation: 12139
You cannot search for CN only where distinguished names are expected.
To achieve your goal, you must first find all groups that match your criteria:
$filter = "(&(CN=g_jira*))";
Once you get all the groups, you read their member attribute, perhaps uniquify the list of members so that you do not have duplicates and then query each of those users individually to get the users' data.
Alternatively (this might be faster depending on the number of g_jira groups), you search for all the groups as explained above and then perform searches as you originally intended, but for each group's full distinguished name. Then, you merge the returned lists of users.
Upvotes: 2
Related Questions
- ldap filter for distinguishedName
- PHP - LDAP Filter members of a group
- PHP - ldap_search() filter. How to search for user
- LDAP/AD filter - "objectclass not equal to" is not working
- Active Directory Filter PHP
- Issue Querying LDAP in PHP
- LDAP - optimising filter
- LDAP Filter - Find all users of specific OU
- Best way to filter out LDAP users
- PHP LDAP search/list filter problem - logical NOT