Sardar Agabejli

Reputation: 433

Active Directory search using DN (distinguished name)

I am working on a PHP function to get the manager of an Active Directory user (using the user's email address). After getting the manager, I want to get the manager's e-mail address.

I use this code to get the manager:

    //Search using a filter.
    $result = ldap_search($connect,$ldaptree, "([email protected])") or die ("Error in search query: ".ldap_error($connect));
    $data = ldap_get_entries($connect, $result);


    // iterate over array and print data for each entry
    echo '<h1>Show me the users</h1>';
    for ($i=0; $i<$data["count"]; $i++) {

        echo "Manager: " . print_r($data[$i]["manager"]) . "<br />";
    }

The code is working and I am getting correct values when searching for the user's email or other attributes. But when I am searching for the manager with echo "Manager: " . print_r($data[$i]["manager"]) . "<br />"; then I get the DN (distinguished name) of the manager. For example: "Array ( [count] => 1 [0] => CN=LASTNAME\, FIRSTNAME,OU=01_User,DC=int,DC=domain,DC=de ) Manager: 1"

Now the problem is, when I try to search for the manager's email address, using the DN as filter:

    $result = ldap_search($connect,$ldaptree, "(DN=".$data[$i]["manager"]."") or die ("Error in search query: ".ldap_error($connect));

Then I get an "Array to string conversion error". If I use print_r($data[$i]) to convert to string, then I get "Error in search query: Bad search filter".

So my question is, how can I use the DN to get the attributes of the user behind the DN? Is it possible to filter for a DN? Do I have to process the DN string?

Hope someone can help me. Thank you!

Upvotes: 0

Views: 2731

Answers (2)

heiglandreas

Reputation: 3861

You should be able to retrieve the Manager by calling ldap_search directly with the DN of the manager as BaseDN and a filter of (objectclass=*):

    $result = ldap_search($connect, $data[$i]['manager'][0], '(objectclass=*)');

I updated the answer with the feedback from the OP.

Upvotes: 1

Gabriel Luci

Reputation: 40858

Your code has a few issues:

  1. The error message is correct. You are giving it an array, not a string. I think you mean to use the manager attribute there ($data[$i]["manager"][0], not $data[$i]). In the search results, attributes are all presented as arrays, even if they are single-valued attributes (like manager).

  2. You are missing the closing parenthesis in the LDAP query. It should look like this:

  3. If you are indeed using Active Directory, the attribute is called distinguishedName, not DN (I believe some OpenLDAP implementations use DN, which is why that shows up in documentation).

So your code should look like this:

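    // Escape the DN for filter context: the backslash in "CN=LASTNAME\, FIRSTNAME" is not valid unescaped in a filter value.
    $result = ldap_search($connect,$ldaptree, "(distinguishedName=" . ldap_escape($data[$i]["manager"][0], "", LDAP_ESCAPE_FILTER) . ")") or die ("Error in search query: ".ldap_error($connect));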

Upvotes: 1
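
The lookup both answers describe, written out as an added example (not code from the question or either answer): it escapes the e-mail value before it goes into the filter and reads the manager entry by using its DN as the search base, so the DN never has to be placed in a filter. `find_manager_mail` is a hypothetical helper name, `$connect` is assumed to be an already-bound connection, and the sample DN at the end is constructed from the one in the question.

```php
<?php
// Added example. Assumptions: $connect is a bound LDAP connection and
// $baseDn is the search base; find_manager_mail() is a hypothetical helper.

function find_manager_mail($connect, string $baseDn, string $userMail): ?string
{
    // Step 1: find the user. The e-mail value is caller-supplied, so escape
    // it for filter context before concatenating it into the filter.
    $filter = '(mail=' . ldap_escape($userMail, '', LDAP_ESCAPE_FILTER) . ')';
    $result = ldap_search($connect, $baseDn, $filter, ['manager']);
    if ($result === false) {
        throw new RuntimeException('User search failed: ' . ldap_error($connect));
    }

    // ldap_get_entries() lowercases attribute names and returns every
    // attribute as an array, even single-valued ones such as manager.
    $entries = ldap_get_entries($connect, $result);
    if ($entries['count'] !== 1 || empty($entries[0]['manager'][0])) {
        return null; // no unique match, or the user has no manager set
    }
    $managerDn = $entries[0]['manager'][0];

    // Step 2: read the manager entry itself. With the DN as the base of a
    // base-scope read, the DN is not part of a filter and needs no escaping.
    $result = ldap_read($connect, $managerDn, '(objectClass=*)', ['mail']);
    if ($result === false) {
        throw new RuntimeException('Manager read failed: ' . ldap_error($connect));
    }
    $manager = ldap_get_entries($connect, $result);

    return $manager[0]['mail'][0] ?? null;
}

// Offline illustration with a constructed DN: what the value must look like
// if it is placed in a (distinguishedName=...) filter instead.
$sampleDn = 'CN=LASTNAME\\, FIRSTNAME,OU=01_User,DC=int,DC=domain,DC=de';
echo '(distinguishedName=' . ldap_escape($sampleDn, '', LDAP_ESCAPE_FILTER) . ")\n";
```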
