yusof

Reputation: 163

Nested LDAP search for an attribute

In an AD server we have an attribute called directreports. I want to be able to go top to bottom in the chain. The CEO's direct reports are A, B, C. A's direct reports are D, E, F, while B's direct reports are G, H, I. Then D's direct reports are X, Y, Z, etc., all the way down.

I've looked at this as a nested group kind of thing, but it's not. I'm lost as to how to tackle this altogether. I'm trying to do this in PHP. My PHP code right now just searches for a user and gives me the direct reports.

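<?php

function aduserlookup($UserName)
{
    // include (not include_once) so the config variables are defined on every call
    include 'config.php';
    $ldapconn = ldap_connect("ldap://<IP>:389") or die("Could not connect to the ldap server");

    if ($ldapconn) {
        // Stop on a failed bind instead of searching over an unauthenticated connection
        if (!@ldap_bind($ldapconn, $ldapuser . "@test.com", $ldappass)) {
            die("Could not bind to the ldap server");
        }
        // Escape the name so characters such as * ( ) \ cannot change the filter
        $sr = ldap_search($ldapconn, "OU=Employees,OU=Users,DC=test,DC=com",
            "(cn=" . ldap_escape($UserName, "", LDAP_ESCAPE_FILTER) . ")");
        $info = ldap_get_entries($ldapconn, $sr);
        ldap_close($ldapconn);
        return $info;
    } else {
        echo "<h4>Unable to connect to LDAP server</h4>";
    }
}

$user = aduserlookup('test');
$directreports = $user[0]['directreports'];
echo '<pre>';
var_dump($directreports);
echo '</pre>';

foreach ($directreports as $key => $value)
{
    // ldap_get_entries() stores a 'count' element next to the values; skip it
    if ($key === 'count') {
        continue;
    }
    // Extract the CN value from the DN (assumes the CN contains no escaped comma)
    $cn = substr($value, 0, strpos($value, ","));
    $cn = strstr($cn, '=');
    $cn = str_replace('=', '', $cn);
    // Pass the bare name; wrapping it in quotes makes the filter match nothing
    $report = aduserlookup($cn);
    // The lookup returns an array of entries, so print the entry's cn value
    echo htmlspecialchars($report[0]['cn'][0]) . "<br>";
}
?>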

Upvotes: 1

Views: 1369

Answers (1)

jwilleke

Reputation: 11026

If you are using Microsoft Active Directory, and if I understood what you are looking for, you can query all users that report to a department manager or their subordinates by using this query:

(manager:1.2.840.113556.1.4.1941:=CN=manager,OU=users,DC=willeke,DC=com)

DirectReports is a server-generated list of users that directly report to the "manager". The users that are listed as reports are those that have the manager property set to this user. Each item in the list is a Linked Attribute to the object that represents the user.

Upvotes: 2
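
Added example, not part of the question or the answer: the in-chain query above returns every subordinate as one flat list, so this PHP sketch builds that filter with the manager DN escaped for filter context and then rebuilds the top-to-bottom hierarchy from each entry's manager attribute. The function names, the IN_CHAIN_OID constant and the sample DNs are assumptions made for illustration; it needs the PHP ldap extension for ldap_escape().

```php
<?php
const IN_CHAIN_OID = '1.2.840.113556.1.4.1941'; // matching-rule OID from the answer
// Build the transitive "reports to" filter; the DN is escaped for filter context.
function inChainFilter(string $managerDn): string
{
    return '(manager:' . IN_CHAIN_OID . ':=' . ldap_escape($managerDn, '', LDAP_ESCAPE_FILTER) . ')';
}

// Run the query on an already-bound connection; returns [user DN => manager DN].
function fetchSubordinates($conn, string $baseDn, string $managerDn): array
{
    $sr = ldap_search($conn, $baseDn, inChainFilter($managerDn), ['manager']);
    if ($sr === false) {
        throw new RuntimeException('LDAP search failed: ' . ldap_error($conn));
    }
    $managerOf = [];
    foreach (ldap_get_entries($conn, $sr) as $key => $entry) {
        if ($key === 'count') { continue; }
        $managerOf[$entry['dn']] = $entry['manager'][0];
    }
    return $managerOf;
}

// Turn the flat map into a nested tree under $rootDn. DNs compare case-insensitively;
// $seen stops a manager loop in the directory data from recursing forever.
function buildTree(array $managerOf, string $rootDn, array &$seen = []): array
{
    $seen[strtolower($rootDn)] = true;
    $tree = [];
    foreach ($managerOf as $dn => $mgr) {
        if (strtolower($mgr) === strtolower($rootDn) && !isset($seen[strtolower($dn)])) {
            $tree[$dn] = buildTree($managerOf, $dn, $seen);
        }
    }
    return $tree;
}
function renderTree(array $tree, int $depth = 0): string
{
    $out = '';
    foreach ($tree as $dn => $children) {
        $out .= str_repeat('  ', $depth) . $dn . "\n" . renderTree($children, $depth + 1);
    }
    return $out;
}
// Constructed sample data standing in for fetchSubordinates() output.
$base = 'OU=Employees,OU=Users,DC=test,DC=com';
$sample = ["CN=A,$base" => "CN=CEO,$base", "CN=B,$base" => "CN=CEO,$base",
    "CN=D,$base" => "CN=A,$base", "CN=X,$base" => "CN=d,$base"];
echo renderTree(buildTree($sample, "CN=CEO,$base"));
```

Against a live directory, pass a bound connection and the manager's full DN to fetchSubordinates() and feed its result to buildTree(); large result sets remain subject to the server's page-size limit.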
