Vincent DUPONT wrote:
> I need to get the LDAP groups a user is member of (memberof). The problem
> is that there are multiple levels of groups, and I need to get all levels.
> example
> userA is member of group A B and C
> group A is member of (included in) group D
>
> If I make a simple query on the LDAP server to fetch the memberof of
> userA, it returns A, B and C.
> I need to get also D because group A is in group D
>
> In PHP I use the statement :
> $list = ldap_search($conn, "$userdn,$basedn", "samaccountname=$name",
> array('memberof')); //samaccountname is the Windows login name
You're already way ahead of anything I've done with LDAP.
Hopefully, there *IS* some way to do what you want with built-in LDAP
commands.
If there is *NOT*, however, something like this:
function ldap_groups($conn, $userdn, $basend, $name){
$list = ldap_search($conn, "$userdn,$basedn", "samaccountname=$name",
array('memberof'));
//Now loop through all the groups:
while (list(, $group) = ldap_read_something($conn, $list)){
$groups[$group] = $group; //$group should be A, B, or C...
ldap_super_groups($conn, $group, $groups);
}
return $groups;
}
function ldap_super_groups($conn, $group, $groups){
$list = ldap_search($conn, $group, "somemicrosoftthing=$group",
array('memberof')); //Is 'memberof' what you want for A being in D?
//Loop through all the new groups:
while (list(, $g) = ldap_read_something($conn, $list)){
//This makes sure we don't spin our wheels forever,
//re-doing groups we've already done:
if (!isset[$groups[$g])){
ldap_super_groups($conn, $g, $groups);
}
$groups[$g] = $g;
}
return $groups;
}
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
