PHP operation AD, adLDAP class API detailed explanation and examples_PHP tutorial

This article briefly describes how to operate AD through PHP
Tools ADLDAP.php
Download location http://adldap.sourceforge.net/download.php
API (the following is from http://adldap.sourceforge.net, the translation level is limited, please correct me if there are any inaccuracies)
constructor($options=array())//Constructor
You can specify the AD settings in the class through configuration variables, or they can be overridden by specifying the $option array when the class is called.
The calling method looks like $object = new adLDAP($options); $options is an array consisting of one or more of the following keys

account_suffix
Default: "@mydomain.local"
Full domain account suffix
base_dn
Default: “DC=mydomain,DC=local”
The base dn of the domain. Generally speaking, the base dn is the same as the account suffix, but is separated and prefixed with "DC=". The base dn can be located in the Active Directory Users and Computers MMC extensions
Exhibition attributes
If the authenticated user is normal but cannot search, it is generally because an incorrect base_dn
is specified.
domain_controllers
Default: array (“dc01.mydomain.local”)
Array of domain controllers. If you want this class to balance queries through multiple controllers, you can specify multiple controllers in this array. Remember that this class will send requests to an unreachable domain controller because it only implements Balance
No fault tolerance
.

ad_username
Default: NULL
By default, adLDAP will perform queries with the permissions of an authenticated user account. You can specify a user account with higher permissions to perform authorization operations

ad_password
Default: NULL
The corresponding password for ad_username.

real_primarygroup
Override primary group via "Domain Users"

use_ssl
Default: false
adLDAP can use LDAP through SSL to provide additional functions such as changing passwords. When selecting this option, both your domain controller and WEB server need to configure the corresponding options. Not only set it to true, please refer to the SSL method
for details. LDAP options

recursive_groups
Default: true
Recursive query group members
For example, user Fred is a member of the group "Business Unit", "Business Unit" is a member of the group "Department", and "Department" is a member of the group "Company"
user_ingroup("Fred","Company") returns true when the item is turned on, otherwise returns false
--------------------------The following main operation methods
authenticate($username,$password,$prevent_rebind=false)
Username/password to identify domain controller users

group_add_group($parent,$child)
Add a subgroup to the parent group, return true or false

group_add_user($group,$username)
Add a user to a group, return true or false

group_create($attributes)
Create a group with specified attributes, return true or false

Attribute Req Notes
group_name *
container *
description

group_del_group($parent,$child)
Delete the child group from the parent group, return true or false

group_del_user($group,$users)
Remove a user from a group, return true or false

group_info($group_name,$fields=NULL)
Returns an array of information about the specified group. Group names are case-sensitive
The default file contains member, memberof, description, distinguishedname, objectcategory, samaccountname

user_create($attributes)
Create a user, return true or false when the operation succeeds or fails

Attribute Req Notes
username *
firstname *
surname *
email *
container * The folder in AD to add the user to.
address_city
address_code
address_pobox
address_state
address_street
change_password If it is 0, the user does not need to change the password when logging in next time. If it is 1, the password must be changed when logging in next time
company Company name.
department
description
display_name
email email address, non-exchange mailbox
enabled 0 means disabled 1 means enabled
expires Account validity period (unix timestamp).
firstname
home_directory
home_drive
initials
logon_name The login name is different from other usernames.
manager
office
password The password can only be set over SSL. It must also meet the password policy for your domain.
profile_path
script_path
surname
title
telephone
web_page

user_delete($username)
Delete a user, return true or false

user_groups($username,$recursive=NULL)
Return the information of the group to which the user belongs

If $recursive is true, the group list will be returned recursively.

user_info($username,$fields=NULL)
Returns the information array of the specified user. $fields must be an array
The default fields are: samaccountname, mail, memberof, department, displayname, telephonenumber, primarygroupid
To view all available information, set $fields to "*" and call this function
This function will return a limited set. Unless the current authentication account is administrator, a user cannot query the "memberof" field of another user unless they are the administrator of this container

user_ingroup($username,$group,$recursive=NULL)
Whether the user belongs to the group, returns true or false
Like the user_info() function, this function will only return valid results when the current authenticated user is administrator

user_modify($username,$attributes)
Modify user attributes and return true or false

user_password($username,$password)
Set the password of the specified user. Requires configuration through ldaps.

computer_info($computer_name,$fields=NULL)
Returns detailed information for the specified computer.

all_users($include_desc = false, $search = "*", $sorted = true)
Returns the list of all users in AD, which may not work in large directories
all_groups($include_desc = false,$search = "*", $sorted = true)
Returns the list of all groups in AD, which may not work in large directories
Samples:
Login
include "adLDAP.php"
$config['account_suffix'] = '@xxx.com';//Domain controller suffix
$config['adserver'] = array('192.168.1.10','192.168.1.1');//Domain controller, if there is only one array('192.168.1.10')
$config['base_dn'] = 'cn=users,dc=xxx,dc=com';
$adldap =new adLDAP(array('domain_controllers'=>$config['adserver'],'account_suffix'=>$config['account_suffix'],'base_dn'=>$config
['base_dn'],'ad_username' => 'administrator','ad_password' => ''));
if($adldap)
{
echo "Login successful";
}
else
{
echo "Login failed";
}
?>
List all users
echo "All users
";
foreach($adldap->all_users() as $val)
{
echo $val."
";
}
?>
List all groups
echo "groups
";
foreach($adldap->all_groups() as $val)
{
echo $val."
";
}
?>
Print information about a certain computer
print_r($adldap->user_info("wang"));
?>
Create user
if ($adldap->user_create(array('username' => 'tonix','firstname' => 'firstname','surname' => "surname",'email' => 'e@ 123.com','container' =>
'container')))
{
echo "OK";
}
else
{
echo "error";
}
?>
Create group
if ($adldap->group_create("group_name=test,container=www"))
{
echo "OK";
}
else
{
echo "error";
}
?>

Author "Flying Life"

http://www.bkjia.com/PHPjc/478629.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/478629.htmlTechArticleThis article briefly describes how to operate AD through PHP tool ADLDAP.php download location http://adldap.sourceforge.net/download .php API (the following is from http://adldap.sourceforge.net, the translation level is limited, if there is anything wrong...