1
I wonder if it is possible to check directly in AD, if a user belongs to a certain group, to validate it as admin or not.
I’m doing it this way:
/*
* $this->status status da conexão
* $this->ds identificador do link
* $this->dn DN base
* $this->usuario = usuário que busco no grupo
*/
public function isAdmGroup() {
if ($this->status) {
$grupo = 'CN=GrupoX,OU=Grupos,OU=Grupos de Acesso,DC=exemplo,DC=com,DC=br';
$filter = "(&(objectClass=user)(sAMAccountname=".$this->usuario.")(memberOf=".$grupo."))";
$attributes = array('memberof');
$search = ldap_search($this->ds, $this->dn, $filter, $attributes);
return ldap_get_entries($this->ds, $search);
}
}
However, it returns me all user groups, and sometimes it is a large array.
I would like to do a more objective search, just checking whether it is part of the group or not, rather than returning all the groups that the user belongs to.
Make sure this helps. LINK1 LINK2 LINK3
– RafaelTheodoro
Hi, thanks, I had already taken a look at these links, but I wanted something more specific.
– Marcelo Aymone