If you notice, when you get the "memberOf" back from the server you'll
see it is an array with full CN; so if you don't want to loop through
the array returned, you can try to see if filtering with the full CN
will work.
I found it easier to just get all of "memberOf" and then use PHP to
get only the desired groups.
On Feb 22, 2009, at 7:22 PM, Zaitchik, Alan wrote:
I am trying to construct a filter for ldap_search that tests the AD
memberOf attribute. The latter has possibly multiple values for a
given user, and I want something like (memberOf=*Student*) to get
all and only the students. I realize that the above does not work,
that the memberOf attribute has some internal structure that
requires something more complicated, but I cannot seem to get it
working.
What I have done is use a very broad $filter, an $attribs that
includes "memberOf"-- and then loop through the results keeping
only the students, thus:
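    $sr = ldap_search($ldapconn, $dn, $filter, $attribs);
    for ($entryid = ldap_first_entry($ldapconn, $sr); $entryid !== false;
         $entryid = ldap_next_entry($ldapconn, $entryid)) {
        // ldap_get_values() returns false when the entry has no memberOf values
        $values = ldap_get_values($ldapconn, $entryid, 'memberof');
        if ($values === false) {
            continue;
        }
        unset($values['count']); // drop the element count before joining
        $this_memberof = implode(' ', $values);
        // stripos() returns 0 for a match at offset 0, so compare against false
        if (stripos($this_memberof, 'student') !== false) {
            // do something, etc.
        }
    }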
But this is wildly inefficient. How can I just create the filter I
need for ldap_search?
Thanks!
Alan
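
The full-DN filter suggested in the reply, as an added example (not code from either poster): Active Directory stores memberOf values as distinguished names and matches them only against a complete DN, so the filter names the group exactly and escapes it with ldap_escape(). The group DN, base DN, helper function names and requested attributes are assumptions made for illustration.

```php
<?php
// Added example: exact-match memberOf filter for ldap_search().
// All DNs and helper names here are constructed placeholders.

/**
 * Build a filter matching user objects that are members of $groupDn.
 * With $nested = true, AD's LDAP_MATCHING_RULE_IN_CHAIN matching rule
 * also follows membership through nested groups.
 */
function member_of_filter(string $groupDn, bool $nested = false): string
{
    // Escape filter metacharacters ( ) * \ and NUL so a group name taken
    // from user input or configuration cannot alter the filter structure.
    $escaped = ldap_escape($groupDn, '', LDAP_ESCAPE_FILTER);
    $attr = $nested ? 'memberOf:1.2.840.113556.1.4.1941:' : 'memberOf';
    return "(&(objectCategory=person)(objectClass=user)($attr=$escaped))";
}

/** Return the matching entries, letting the server do the selection. */
function find_group_members($ldapconn, string $baseDn, string $groupDn,
                            bool $nested = false): array
{
    $filter = member_of_filter($groupDn, $nested);
    $sr = ldap_search($ldapconn, $baseDn, $filter, ['cn', 'sAMAccountName']);
    if ($sr === false) {
        throw new RuntimeException('ldap_search: ' . ldap_error($ldapconn));
    }
    $entries = ldap_get_entries($ldapconn, $sr);
    if ($entries === false) {
        throw new RuntimeException('ldap_get_entries: ' . ldap_error($ldapconn));
    }
    unset($entries['count']); // keep only the numbered entries
    return $entries;
}

// Constructed sample DN; the parentheses show why escaping is needed.
// Printing the filters needs no server connection.
$groupDn = 'CN=Students (2009),OU=Groups,DC=example,DC=edu';
echo member_of_filter($groupDn), "\n";
echo member_of_filter($groupDn, true), "\n";
```

A user's primary group (for example Domain Users) is not listed in memberOf, so a filter on that group's DN will not match users who hold it only as their primary group.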