秋風落葉、萍水相逢 - Matt 程式 旅行 攝

1. 預先安裝好PHP
2. 先安裝必需的套件(SSSD等包含可以連結到Windows AD的套件)

yum install sssd sssd-client krb5-workstation samba openldap-clients policycoreutils-python

1. 編輯ldap config，設定單向SSL(AD如果是只有單向時，不要求Client的Certficate)

vi /etc/openldap/ldap.conf 

TLS_REQCERT     never

PHP LDAP Sample:

 

$ldaprdn = '輸入你的DN';

 

$ldappass = '輸入密碼';

 

 

 

$dsAdmin = ldap_connect( 'Server IP');


ldap_set_option( $dsAdmin, LDAP_OPT_PROTOCOL_VERSION, 3 );


ldap_set_option( $dsAdmin, LDAP_OPT_REFERRALS, 0 );


 


$dsUser = ldap_connect( 'Server IP');


ldap_set_option( $dsUser, LDAP_OPT_PROTOCOL_VERSION, 3 );


ldap_set_option( $dsUser, LDAP_OPT_REFERRALS, 0 );


 


/* login as admin & find out user entry */


if( ! ldap_bind( $dsAdmin, $ldaprdn, $ldappass ) )


{


// echo "LDAP-Errno: " . ldap_errno($dsAdmin) . "<br />\n";


// echo "admin pwd err\n";exit;


return false;//admin pwd err


}


//可搜尋全部列表


$r = ldap_search( $dsAdmin, '輸入BDN', '(name=*)' );