LDAP安装和使用
user.ldif
# Replace the "dc=...,dc=..." components below with your own domain.
# NOTE: userPassword is given here in cleartext. OpenLDAP stores the value as
# supplied unless the server is configured to hash cleartext passwords, so
# prefer a pre-hashed value (e.g. "{SSHA}...", as produced by slappasswd) or
# set the password with ldappasswd after the entry has been added.
dn: uid=bing,ou=Student,dc=cloud,dc=com
objectClass: inetOrgPerson
cn: bing
sn: zheng
userPassword: zheng
base.ldif
# Replace the "dc=...,dc=..." components below with your own domain.
dn: dc=cloud,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: School
dc: cloud

dn: cn=Manager,dc=cloud,dc=com
objectClass: organizationalRole
cn: Manager
description: Manager info

dn: ou=Student,dc=cloud,dc=com
objectClass: organizationalUnit
ou: Student

dn: ou=Teacher,dc=cloud,dc=com
objectClass: organizationalUnit
ou: Teacher
ldap.php
<?php
// Connection settings used by ldap_authenticate() below.
// NOTE(review): the base DN here (dc=pheicloud,dc=com) does not match the
// dc=cloud,dc=com suffix used in base.ldif / user.ldif above; adjust one of them.
// Plain LDAP on port 389 (no ldap_start_tls()/ldaps://) means the password
// that ldap_authenticate() binds with crosses the network in cleartext.
$ldapconfig = [
    'host'      => '192.168.8.204',
    'port'      => 389,
    'basedn'    => 'dc=pheicloud,dc=com',
    'authrealm' => 'Manager',
];
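/**
 * Authenticate the HTTP Basic-auth user against LDAP.
 *
 * The user is looked up by uid under $ldapconfig['basedn'] with an anonymous
 * search and the code then binds as the DN that was found, using the supplied
 * password. On success the entry array (as built by ldap_get_entries()) is
 * returned; otherwise a WWW-Authenticate challenge plus a 401 is emitted and
 * NULL is returned.
 *
 * Credentials are taken from $_SERVER. The original read the register_globals
 * era variables $PHP_AUTH_USER/$PHP_AUTH_PW, which no longer exist (PHP >= 5.4),
 * so authentication could never succeed on a current PHP.
 *
 * NOTE: the search requests every attribute, so on a permissive ACL the
 * returned entry may include userPassword; callers must not echo it.
 *
 * @return array|null  the matching entry, or NULL when authentication fails
 */
function ldap_authenticate() {
    global $ldapconfig;
    $user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
    $pass = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
    // An empty password must never reach ldap_bind(): a bind with a DN and an
    // empty password is an unauthenticated bind, which many servers accept,
    // and that would let anyone in with just a valid uid.
    if ($user !== '' && $pass !== '') {
        $ds = @ldap_connect($ldapconfig['host'], $ldapconfig['port']);
        if ($ds) {
            ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
            ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
            // Escape the user-controlled value before it is spliced into the
            // filter; otherwise a username such as "*" or "x)(uid=admin"
            // rewrites the query (LDAP injection).
            $filter = '(uid=' . ldap_escape($user, '', LDAP_ESCAPE_FILTER) . ')';
            $r = @ldap_search($ds, $ldapconfig['basedn'], $filter);
            if ($r) {
                $result = @ldap_get_entries($ds, $r);
                if ($result && isset($result[0])) {
                    // The bind as the user's own DN is the actual password check.
                    if (@ldap_bind($ds, $result[0]['dn'], $pass)) {
                        ldap_close($ds);
                        return $result[0];
                    }
                }
            }
            // Previously the connection was never released.
            ldap_close($ds);
        }
    }
    header('WWW-Authenticate: Basic realm="' . $ldapconfig['authrealm'] . '"');
    header('HTTP/1.0 401 Unauthorized');
    return NULL;
}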
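// Entry point: challenge the browser and report the outcome.
if (($result = ldap_authenticate()) === NULL) {
    echo('Authorization Failed');
    exit(0);
}
echo('Authorization success');
// Do not print_r() the raw entry: ldap_authenticate() searched without an
// attribute list, so on a permissive ACL $result can include userPassword.
// Show only the DN, HTML-escaped because directory data is not trusted HTML.
echo(' ' . htmlspecialchars($result['dn'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));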
?>
ldapbind.php
<?php
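/**
 * Set the memberUid values of cn=Student,ou=Group to a fixed list.
 *
 * NOTE: despite the name this is a replace, not an add — ldap_modify() is an
 * alias of ldap_mod_replace(), so every memberUid not in the list below is
 * dropped from the group. Use ldap_mod_add() if existing members must survive.
 *
 * The directory manager credential is embedded in source; it belongs in
 * configuration kept out of the web root and out of version control.
 *
 * @return bool|string  true on success, the string "failed" on any error
 */
function addusertogroup(){
    $ds = ldap_connect('192.168.6.9', '389');
    if (!$ds) {
        return "failed";
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    // The bind result used to be ignored; after a failed bind the modify would
    // run anonymously and fail with a misleading error.
    if (!@ldap_bind($ds, 'cn=Manager,dc=pheicloud,dc=com', 'pheicloud')) {
        ldap_close($ds);
        return "failed";
    }
    $aAttr = [
        'memberUid' => ['lisi@pheicloud.com', 'bing2', 'bing']
    ];
    $dn = "cn=Student,ou=Group,dc=pheicloud,dc=com";
    $ret = @ldap_modify($ds, $dn, $aAttr);
    // Release the connection on the failure path too (it used to leak).
    ldap_close($ds);
    if ($ret === false) {
        return "failed";
    }
    return $ret;
}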
// Runs on every request (not behind any check), so each page load rewrites the
// Student group's memberUid list — ldap_modify() replaces, it does not add.
print(addusertogroup());
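/**
 * Authenticate a user: find their entry, then bind as it with $password.
 *
 * $username is matched exactly against uid, mail or mobile. (The original
 * ignored $username entirely and searched for two hard-coded values with a
 * trailing wildcard, echoed the entries — userPassword included — to the
 * client, ignored the bind result and returned nothing.)
 *
 * The lookup is done with the manager credential, which is embedded in
 * source and should live in configuration instead. The authentication
 * itself is the second bind, as the user's own DN.
 *
 * @param string $username  uid, mail address or mobile number
 * @param string $password  the user's password
 * @return array|false      the entry (dn, cn, sn, mail, mobile) on success;
 *                          false for an empty argument, an unknown or
 *                          ambiguous user, or a wrong password
 */
function api_auth($username, $password)
{
    // An empty password would make the second ldap_bind() an unauthenticated
    // bind, which many servers accept — i.e. a login with no password.
    if ((string) $username === '' || (string) $password === '') {
        return false;
    }
    $ds = ldap_connect('192.168.6.9', '389');
    if (!$ds) {
        return false;
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    if (!@ldap_bind($ds, 'cn=Manager,dc=pheicloud,dc=com', 'pheicloud')) {
        ldap_close($ds);
        return false;
    }
    // userPassword is deliberately not requested: the entry is handed back to
    // the caller and must not carry the credential.
    $attrs = array('cn', 'sn', 'mail', 'mobile');
    // Escape before building the filter so a crafted username cannot rewrite
    // the query (LDAP injection); exact match, no wildcard.
    $needle = ldap_escape($username, '', LDAP_ESCAPE_FILTER);
    $filter = "(|(uid=$needle)(mail=$needle)(mobile=$needle))";
    $sr = @ldap_search($ds, 'dc=pheicloud,dc=com', $filter, $attrs, 0, 0, 0);
    $entries = $sr ? ldap_get_entries($ds, $sr) : false;
    if (!$entries || $entries['count'] == 0) {
        ldap_close($ds);
        return false; // user not found
    }
    if ($entries['count'] > 1) {
        // More than one entry matched; refusing is safer than picking the first
        // one, which would let one account's mail/mobile collide with another's uid.
        ldap_close($ds);
        return false;
    }
    $user_dn = $entries[0]['dn'];
    $b2 = @ldap_bind($ds, $user_dn, $password);
    ldap_close($ds);
    if (!$b2) {
        return false; // wrong password
    }
    return $entries[0];
}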
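/**
 * Create a new inetOrgPerson entry.
 *
 * @param string $dn     DN of the entry to create (whitespace is trimmed)
 * @param array  $aAttr  attribute => value(s); any objectClass supplied is
 *                       overwritten with top/person/organizationalPerson/inetOrgPerson
 * @return bool|string   true on success, false for an empty DN or empty
 *                       attribute set, the string "failed" on a connect/bind/add error
 */
function addEntry($dn, $aAttr = array())
{
    $dn = trim($dn);
    if (!$dn || !$aAttr) {
        return false;
    }
    $ds = ldap_connect('192.168.6.9');
    if (!$ds) {
        return "failed";
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    // Manager credential embedded in source; the bind result used to be ignored.
    if (!@ldap_bind($ds, 'cn=Manager,dc=pheicloud,dc=com', 'pheicloud')) {
        ldap_close($ds);
        return "failed";
    }
    $aAttr['objectClass'] = ['top', 'person', 'organizationalPerson', 'inetOrgPerson'];
    // NOTE(review): a userPassword value in $aAttr is sent exactly as given;
    // unless the server hashes cleartext passwords itself it is stored verbatim.
    // Prefer a pre-hashed value ({SSHA}...) or set it via ldap_exop_passwd().
    $ret = @ldap_add($ds, $dn, $aAttr);
    // Release the connection on the failure path too (it used to leak).
    ldap_close($ds);
    if ($ret === false) {
        return "failed";
    }
    return $ret;
}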
/** Placeholder for a batch insert; not implemented, always returns null. */
function addBatchEntry()
{
    return null;
}
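/**
 * Delete the entry at $dn.
 *
 * @param string $dn  DN of the entry to remove (whitespace is trimmed)
 * @return bool|string  true on success, false for an empty DN, the string
 *                      "failed" on a connect/bind/delete error
 */
function deleteEntry($dn)
{
    $dn = trim($dn);
    if (!$dn) {
        return false;
    }
    $ds = ldap_connect('192.168.6.9');
    if (!$ds) {
        return "failed";
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    // Manager credential embedded in source; the bind result used to be ignored.
    if (!@ldap_bind($ds, 'cn=Manager,dc=pheicloud,dc=com', 'pheicloud')) {
        ldap_close($ds);
        return "failed";
    }
    $ret = @ldap_delete($ds, $dn);
    // The original never closed this connection.
    ldap_close($ds);
    if ($ret === false) {
        return "failed";
    }
    return $ret;
}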
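/**
 * Replace attribute values on an existing entry.
 *
 * ldap_modify() is an alias of ldap_mod_replace(): for every attribute in
 * $aAttr all existing values are replaced by the supplied ones.
 *
 * @param string $dn     DN of the entry (whitespace is trimmed)
 * @param array  $aAttr  attribute => value(s) to replace
 * @return bool|string   true on success, false for an empty DN or empty
 *                       attribute set (same contract as addEntry()), the
 *                       string "failed" on a connect/bind/modify error
 */
function updateEntry($dn, $aAttr)
{
    $dn = trim($dn);
    if (!$dn || !$aAttr) {
        return false;
    }
    $ds = ldap_connect('192.168.6.9');
    if (!$ds) {
        return "failed";
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    // Manager credential embedded in source; the bind result used to be ignored.
    if (!@ldap_bind($ds, 'cn=Manager,dc=pheicloud,dc=com', 'pheicloud')) {
        ldap_close($ds);
        return "failed";
    }
    // NOTE(review): a userPassword in $aAttr is written exactly as given (see
    // the cleartext sample at the bottom of this file); unless the server hashes
    // cleartext passwords it is stored verbatim.
    $ret = @ldap_modify($ds, $dn, $aAttr);
    // The original never closed this connection.
    ldap_close($ds);
    if ($ret === false) {
        return "failed";
    }
    return $ret;
}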
/** Placeholder for an entry lookup; not implemented, always returns null. */
function selectEntry()
{
    return null;
}
/** Placeholder for a rename/move; not implemented, always returns null. */
function moveEntry()
{
    return null;
}
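/**
 * Find the groups under ou=Group that list $uid as a memberUid.
 *
 * The original spliced $uid raw into the filter (LDAP injection), asked for
 * userPassword/sn/mail/mobile on group entries, echoed the result as JSON,
 * then attempted a bind as the first group DN with an undefined $password
 * (an unauthenticated bind) and returned nothing. All of that is gone: the
 * value is escaped, only naming/membership attributes are requested and the
 * entries are returned to the caller, who decides what to print.
 *
 * @param string $uid  memberUid value to search for
 * @return array|false  the ldap_get_entries() result ('count' plus entries),
 *                      or false when $uid is empty, the lookup fails or no
 *                      group lists this uid
 */
function search($uid)
{
    if ((string) $uid === '') {
        return false;
    }
    $ds = ldap_connect('192.168.6.9', '389');
    if (!$ds) {
        return false;
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    // Manager credential embedded in source; the bind result used to be ignored.
    if (!@ldap_bind($ds, 'cn=Manager,dc=pheicloud,dc=com', 'pheicloud')) {
        ldap_close($ds);
        return false;
    }
    $attrs = array('cn', 'memberUid');
    // Escape so a value such as "*" or "x)(cn=*" cannot rewrite the filter.
    $filter = '(memberUid=' . ldap_escape($uid, '', LDAP_ESCAPE_FILTER) . ')';
    $sr = @ldap_search($ds, 'ou=Group,dc=pheicloud,dc=com', $filter, $attrs, 0, 0, 0);
    $entries = $sr ? ldap_get_entries($ds, $sr) : false;
    ldap_close($ds);
    if (!$entries || $entries['count'] == 0) {
        return false; // no group lists this uid
    }
    return $entries;
}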
// Example calls, all commented out so that including this file has no
// side effect beyond the addusertogroup() call above.
// echo search("bing");
// Authentication
// echo api_auth("zheng", "123456");
// echo json_encode();
// Insert
// NOTE(review): sample data below carries cleartext passwords and what looks
// like a real mobile number and address; replace them before reusing the page.
// The userPassword value is written to the directory exactly as given.
$aAttr = [
    'cn'           => 'test',
    'sn'           => 'test1',
    'userPassword' => '123456',
    'uid'          => 'zheng',
    'mobile'       => '18358336400',
    'mail'         => 'bing@pheicloud.com',
];
// echo addEntry("uid=zheng,ou=People,dc=pheicloud,dc=com", $aAttr);
// Delete
// echo deleteEntry("uid=zheng,ou=People,dc=pheicloud,dc=com");
// Update
$updateAttr = [
    'cn'           => 'test',
    'sn'           => 'test1',
    'userPassword' => '654321',
    'uid'          => 'zheng',
    'mobile'       => '18358336401',
    'mail'         => 'bing@pheicloud.com',
];
// echo updateEntry("uid=zheng,ou=People,dc=pheicloud,dc=com", $updateAttr);
参考文档:
https://www.linuxidc.com/Linux/2017-10/147562.htm?hmsr=toutiao.io
http://blog.51cto.com/11555417/2065747
https://blog.csdn.net/wenwenxiong/article/details/76855047