LDAP 搜索具有特定经理的所有用户
LDAP search for all users with a specific manager
似乎无法在 LDAP 中搜索管理员属性。我想 return 所有以 Jane Doe 为经理的用户。任何指针将不胜感激。
$filter = "(&(objectClass=user)(objectCategory=person)(manager=*Jane Doe*))";
$result = ldap_search($ldap, $ldap_dn, $filter) or exit("Unable to search LDAP server");
$entries = ldap_get_entries($ldap, $result);
更多搜索(在我的一位了不起的朋友的帮助下 - 感谢 Scott Carter!)找到了这个问题。 Answer below found here
The wildcard character "" is allowed, except when the 'AD Attribute'
is a DN attribute. Examples of DN attributes are distinguishedName,
manager, directReports, member, and memberOf. If the attribute is DN,
then only the equality operator is allowed and you must specify the
full distinguished name for the value (or the "" character for all
objects with any value for the attribute). Do not enclose the DN value
in parentheses (as is done erroneously in some documentation). If the
attribute is multi-valued, then the condition is met if any of the
values in the attribute match the filter.
因此,为了搜索拥有 Jane Doe 经理的所有成员,您必须首先拥有 Jane Doe 的完整 DN。
$filter="(&(objectClass=user)(objectCategory=person)(manager=CN=Jane Doe,OU=IT,OU=Users,OU=USA,OU=yourcompany,DC=corp,DC=yourcompany,DC=com))";
然后你会得到你正在寻找的结果...
似乎无法在 LDAP 中搜索管理员属性。我想 return 所有以 Jane Doe 为经理的用户。任何指针将不胜感激。
$filter = "(&(objectClass=user)(objectCategory=person)(manager=*Jane Doe*))";
$result = ldap_search($ldap, $ldap_dn, $filter) or exit("Unable to search LDAP server");
$entries = ldap_get_entries($ldap, $result);
更多搜索(在我的一位了不起的朋友的帮助下 - 感谢 Scott Carter!)找到了这个问题。 Answer below found here
The wildcard character "" is allowed, except when the 'AD Attribute' is a DN attribute. Examples of DN attributes are distinguishedName, manager, directReports, member, and memberOf. If the attribute is DN, then only the equality operator is allowed and you must specify the full distinguished name for the value (or the "" character for all objects with any value for the attribute). Do not enclose the DN value in parentheses (as is done erroneously in some documentation). If the attribute is multi-valued, then the condition is met if any of the values in the attribute match the filter.
因此,为了搜索拥有 Jane Doe 经理的所有成员,您必须首先拥有 Jane Doe 的完整 DN。
$filter="(&(objectClass=user)(objectCategory=person)(manager=CN=Jane Doe,OU=IT,OU=Users,OU=USA,OU=yourcompany,DC=corp,DC=yourcompany,DC=com))";
然后你会得到你正在寻找的结果...