Check if a user belongs to an LDAP+PHP group

Question

Check if a user belongs to an LDAP+PHP group

Asked 10 years, 4 months ago

Viewed 2,034 times

1

I wonder if it is possible to check directly in AD, if a user belongs to a certain group, to validate it as admin or not.

I’m doing it this way:

    /*
    * $this->status status da conexão
    * $this->ds identificador do link
    * $this->dn DN base
    * $this->usuario = usuário que busco no grupo
    */

    public function isAdmGroup() {

    if ($this->status) { 
        $grupo = 'CN=GrupoX,OU=Grupos,OU=Grupos de Acesso,DC=exemplo,DC=com,DC=br';
        $filter = "(&(objectClass=user)(sAMAccountname=".$this->usuario.")(memberOf=".$grupo."))";
        $attributes = array('memberof');
        $search = ldap_search($this->ds, $this->dn, $filter, $attributes);
        return ldap_get_entries($this->ds, $search);
    }
}

However, it returns me all user groups, and sometimes it is a large array.

I would like to do a more objective search, just checking whether it is part of the group or not, rather than returning all the groups that the user belongs to.

Make sure this helps. LINK1 LINK2 LINK3

– RafaelTheodoro

2014/07/21 at 18:11
Hi, thanks, I had already taken a look at these links, but I wanted something more specific.

– Marcelo Aymone

2014/07/21 at 18:30

1 answer

Browser other questions tagged php openldap

You are not signed in. Login or sign up in order to post.

by denisvm • **171** points · Answer 1 · 2014-07-21T20:28:34+00:00

You can change the variable $grupo for the DN of the administrator group you want and check if the ldap_Search function returns any object, if the return is empty, indicates that the user is not a member of this group.

There is no need to recheck the contents of the memberOf attribute unless you want to process the other groups that this administrator may be associated with.