retrieve displayname and mail for all users in an ldap (AD) group
in [Windows]
|
Prev: Still cannot append one table to another without duplicates following.
Next: PHP to get server name and drive info for mapped drive
From: Brent Gardner on 17 May 2010 19:16 Hello, list. I'm hoping someone can help me optimize an LDAP lookup. Querying Active Directory, I'm trying to retrieve the "displayName" and "mail" attributes for each user in a group. I've put together a routine that works after studying several examples online and a lot of trial and error, but I'm no PHP expert. It seems like there's more work going on here than is necessary. My code retrieves the DN for each user in the group, then runs another query for each DN to get the values for displayName and mail. Is there a more elegant solution? Ultimately, I'm using this code to populate a dropdown field on a webform so a user can select a username to send an email message to without exposing all the users' email addresses. My code's listed below. Thanks. Brent Gardner <?php echo "<html>\n\n"; echo " <body>\n\n"; // connect to ldap server (2003 AD on local machine) // $ds = ldap_connect("ldap://127.0.0.1") or die (" Could not connect to AD.<br>\n\n"); if ($ds) { // set some connection options // ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION,3) or die (" Could not set protocol version.<br>\n\n"); ldap_set_option($ldapconn, LDAP_OPT_REFERRALS,0) or die (" Could not set option referrals.<br>\n\n"); // This is the user account to use to connect to Active Directory. // 2003 AD does not allow anonymous binds. // $username = "ldapqueryuser(a)example.local"; $password = "notreallythepassword"; // bind to AD // $ldapbind = ldap_bind($ds, $username, $password) or die (" Could not bind to AD.<br>\n\n"); if ($ldapbind) { echo " LDAP bind successful...<br><br>\n\n"; // Get the list of users that are in a groiup named 'Example'. // This set of commands produces a list of full DNs for the users in the // Example group and stores the list in $Values. // $dn = "ou=TestOU,ou=Users,dc=example,dc=local"; $sr = ldap_search($ds, $dn, "cn=Example"); $Entry = ldap_first_entry($ds, $sr); $Values = ldap_get_values($ds, $Entry, "member"); if ($Values["count"] > 0) { // Get the displayname and email address for the users that are in the // Example group. // // The data is put into an array called $Users. // The format of the array is: // // $Users[index] = value // // where the index is the user's display name and the value is the email // address. // $Users = array(); for ($i=0; $i<$Values["count"]; $i++) { $UserSR = ldap_read($ds, $Values[$i], "(&(objectClass=*))", array("displayname", "mail")); $UserValues = ldap_get_entries($ds, $UserSR); $Users[$UserValues[0]["displayname"][0]] = $UserValues[0]["mail"][0]; } // sort the list by the index, which is the displayname // ksort($Users); echo " Users:<br>\n\n"; echo " <table>\n\n"; // list the users and their email addresses // // This runs through the array, producing the values of the array in pairs. // The pairs are produced in order, from the beginning of the array to the // end of the array. Since the array was sorted using ksort above, the index // values of the array should be in alphabetical order. // // As the loop runs through the array, the index value, which is the displayname // will be placed in $UserDisplayName and the email address will be placed in // $UserMail. // foreach ($Users as $UserDisplayName => $UserMail) { echo " <tr>\n"; echo " <td>"; echo $UserDisplayName; // displays the user's displayname echo "</td>\n"; echo " <td>"; echo $Users[$UserDisplayName]; // displays the user's email address echo "</td>\n"; echo " </tr>\n\n"; } echo " </table><br>\n\n"; } else { echo " No data returned.<br>\n\n"; } } ldap_close($ds); } echo " </body>\n\n"; echo "</html>\n"; ?> |