php,ldap登录例子



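/**
 * LDAP / Active Directory login helper.
 *
 * Flow: bind with a service account, search the user by the configured
 * uid attribute, then re-bind with the matched DN and the supplied password.
 *
 * Fixes over the original listing:
 *  - an empty user password is rejected before ldap_bind(): an empty
 *    password is an *unauthenticated* simple bind, which AD and many other
 *    servers accept for any existing DN (authentication bypass);
 *  - a configured bind DN with a missing password no longer silently
 *    degrades to an anonymous bind;
 *  - the referral flag compared against an undefined constant `ON`;
 *  - ldap_get_field_from_username() called a non-existent global
 *    ldap_connect_bind() and looked up the attribute with its original
 *    case although ldap_get_entries() lower-cases attribute names;
 *  - connections/results were leaked on the no-match and error paths;
 *  - unknown config keys are rejected instead of becoming dynamic properties.
 */
class UserDaoLadp
{
    // Server connection settings. A plain ldap:// URL carries the service
    // account credentials AND every user password in cleartext — use ldaps://
    // or set ldap_start_tls to true outside of a lab network.
    private $ldap_server = 'ldap://192.168.1.200:389/';
    private $ldap_protocol_version = '3';
    private $ldap_follow_referrals = 1;
    private $ldap_start_tls = false;
    private $ldap_bind_dn = 'root';
    private $ldap_bind_passwd = 'pwd1';

    // User search settings.
    private $ldap_organization = '';
    private $ldap_root_dn = 'OU=developer,OU=dept,DC=xxx,DC=com';
    private $ldap_uid_field = 'sAMAccountName';

    /**
     * @param array $config map of property name => value; only the
     *                      properties declared on this class are accepted.
     * @throws \InvalidArgumentException on an unknown configuration key
     */
    public function __construct($config)
    {
        foreach ($config as $key => $value) {
            if (!property_exists($this, $key)) {
                throw new \InvalidArgumentException('Unknown LDAP config key: ' . $key);
            }
            $this->{$key} = $value;
        }
    }

    /**
     * Escape a value for use inside an LDAP search filter (RFC 4515).
     * Delegates to the built-in ldap_escape() so the full metacharacter set
     * is covered rather than a hand-maintained list.
     */
    private function ldap_escape_string($p_string)
    {
        return ldap_escape((string) $p_string, '', LDAP_ESCAPE_FILTER);
    }

    /**
     * Build a readable error string for a connection handle.
     * Tolerates a failed ldap_connect() result (false) so the message
     * helper never itself triggers a TypeError.
     */
    private function ldap_error_msg_normalize($p_ds)
    {
        if ($p_ds === false || $p_ds === null) {
            return 'ERROR: could not connect to LDAP server';
        }
        return 'ERROR #' . ldap_errno($p_ds) . ': ' . ldap_error($p_ds);
    }

    /**
     * Release the handle and throw. The message is captured BEFORE unbinding,
     * because ldap_errno()/ldap_error() need a live handle.
     *
     * @throws \Exception always
     */
    private function ldap_fail($p_ds, $p_message = null)
    {
        $t_message = ($p_message === null) ? $this->ldap_error_msg_normalize($p_ds) : $p_message;
        if ($p_ds !== false && $p_ds !== null) {
            @ldap_unbind($p_ds);
        }
        throw new \Exception($t_message);
    }

    /**
     * Connect, apply protocol/referral/TLS options and bind.
     *
     * Both DN and password empty  -> anonymous bind.
     * Exactly one of them empty   -> refused (would be an unauthenticated bind).
     *
     * @return resource|\LDAP\Connection bound handle
     * @throws \Exception on any connect/option/bind failure
     */
    private function ldap_connect_bind($p_binddn = '', $p_password = '')
    {
        $t_ds = ldap_connect($this->ldap_server);
        if ($t_ds === false) {
            $this->ldap_fail(false);
        }

        $t_protocol_version = (int) $this->ldap_protocol_version;
        if ($t_protocol_version > 0
            && !ldap_set_option($t_ds, LDAP_OPT_PROTOCOL_VERSION, $t_protocol_version)) {
            $this->ldap_fail($t_ds);
        }

        // Any truthy config value enables referral chasing (the original
        // compared against an undefined constant `ON`).
        $t_follow_referrals = (bool) $this->ldap_follow_referrals;
        if (!ldap_set_option($t_ds, LDAP_OPT_REFERRALS, $t_follow_referrals)) {
            $this->ldap_fail($t_ds);
        }

        // Opt-in StartTLS so credentials are not sent in cleartext on ldap://.
        if ($this->ldap_start_tls && !ldap_start_tls($t_ds)) {
            $this->ldap_fail($t_ds);
        }

        $t_binddn = (string) $p_binddn;
        $t_password = (string) $p_password;
        if ($t_binddn === '' && $t_password === '') {
            $t_br = @ldap_bind($t_ds);
        } elseif ($t_binddn === '' || $t_password === '') {
            $this->ldap_fail($t_ds, 'ERROR: LDAP bind DN and password must both be set');
        } else {
            $t_br = @ldap_bind($t_ds, $t_binddn, $t_password);
        }
        if (!$t_br) {
            $this->ldap_fail($t_ds);
        }
        return $t_ds;
    }

    /**
     * Build the "(&<organization>(<uid_field>=<escaped username>))" filter.
     * ldap_organization comes from trusted configuration and is inserted as-is.
     */
    private function ldap_user_filter($p_escaped_username)
    {
        return '(&' . $this->ldap_organization
            . '(' . $this->ldap_uid_field . '=' . $p_escaped_username . '))';
    }

    /**
     * Fetch one attribute of the user identified by $p_username.
     *
     * @param string $p_username raw (unescaped) login name
     * @param string $p_field    attribute name, any case
     * @return string|null first value of the attribute, or null when the user
     *                     or the attribute is absent
     * @throws \Exception on connection or search failure
     */
    public function ldap_get_field_from_username($p_username, $p_field)
    {
        $c_username = $this->ldap_escape_string($p_username);

        // Search with the service account (the original called an undefined
        // global function, unauthenticated).
        $t_ds = $this->ldap_connect_bind($this->ldap_bind_dn, $this->ldap_bind_passwd);

        $t_search_attrs = array($this->ldap_uid_field, $p_field, 'dn');
        $t_sr = @ldap_search($t_ds, $this->ldap_root_dn, $this->ldap_user_filter($c_username), $t_search_attrs);
        if ($t_sr === false) {
            $this->ldap_fail($t_ds);
        }

        $t_info = ldap_get_entries($t_ds, $t_sr);
        $t_error = ($t_info === false) ? $this->ldap_error_msg_normalize($t_ds) : null;
        ldap_free_result($t_sr);
        ldap_unbind($t_ds);
        if ($t_error !== null) {
            throw new \Exception($t_error);
        }

        // ldap_get_entries() always returns a 'count' key, so count($t_info)
        // is never 0 — test the entry count instead.
        if ($t_info['count'] < 1) {
            return null;
        }

        // Attribute names are lower-cased in the result set.
        $t_key = strtolower($p_field);
        $t_entry = $t_info[0];
        if (is_array($t_entry) && isset($t_entry[$t_key][0])) {
            return $t_entry[$t_key][0];
        }
        return null;
    }

    /**
     * Verify $p_password by re-binding as the DN(s) matching $p_username.
     *
     * @return bool true when a bind with one of the matched DNs succeeds
     * @throws \Exception on connection or search failure
     */
    private function ldap_authenticate_by_username($p_username, $p_password)
    {
        // Fail closed on empty credentials: ldap_bind() with an empty
        // password is an unauthenticated bind and would "succeed".
        if ((string) $p_username === '' || (string) $p_password === '') {
            return false;
        }

        $c_username = $this->ldap_escape_string($p_username);
        $t_ds = $this->ldap_connect_bind($this->ldap_bind_dn, $this->ldap_bind_passwd);

        $t_search_attrs = array($this->ldap_uid_field, 'dn');
        $t_sr = @ldap_search($t_ds, $this->ldap_root_dn, $this->ldap_user_filter($c_username), $t_search_attrs);
        if ($t_sr === false) {
            $this->ldap_fail($t_ds);
        }

        $t_info = ldap_get_entries($t_ds, $t_sr);
        if ($t_info === false) {
            ldap_free_result($t_sr);
            $this->ldap_fail($t_ds);
        }

        // Try every matched entry; the first successful bind wins.
        // The bind is silenced because a wrong password is an expected outcome.
        $t_authenticated = false;
        for ($i = 0; $i < $t_info['count']; $i++) {
            if (@ldap_bind($t_ds, $t_info[$i]['dn'], $p_password)) {
                $t_authenticated = true;
                break;
            }
        }

        // Released on every path, including "no user matched".
        ldap_free_result($t_sr);
        ldap_unbind($t_ds);
        return $t_authenticated;
    }

    /**
     * Public login entry point.
     *
     * @param string $account  login name
     * @param string $password cleartext password
     * @return bool
     * @throws \Exception when the ldap extension is missing or the server/
     *                    search fails (distinct from a plain wrong password)
     */
    public function identify($account, $password)
    {
        if (!extension_loaded('ldap')) {
            throw new \Exception('ldap extension is not loaded.');
        }
        return $this->ldap_authenticate_by_username($account, $password) === true;
    }
}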

例子

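// Example usage of UserDaoLadp.
$config = array(
    // Server settings. A cleartext ldap:// URL exposes the service-account
    // password and every user password on the wire; prefer ldaps:// or
    // enable StartTLS where the class supports it.
    'ldap_server' => 'ldap://192.168.1.200:389/',
    'ldap_protocol_version' => '3',
    'ldap_follow_referrals' => 1,
    'ldap_bind_dn' => 'root',
    // Load the service-account secret from the environment or a secret
    // store rather than committing it in source.
    'ldap_bind_passwd' => 'pwd1',
    // User search settings.
    'ldap_organization' => '',
    'ldap_root_dn' => 'OU=developer,OU=dept,DC=xxx,DC=com',
    'ldap_uid_field' => 'sAMAccountName',
);
$userDaoLadp = new UserDaoLadp($config);
$username = 'developer1';
$password = 'pwd1';
try {
    if ($userDaoLadp->identify($username, $password)) {
        $unionid = $userDaoLadp->ldap_get_field_from_username($username, 'unionid');
        // Resolve the local account with a prepared statement — never by
        // interpolating $unionid into the SQL text, e.g.:
        // $stmt = $pdo->prepare('SELECT * FROM user_table WHERE unionid = ?');
        // $stmt->execute(array($unionid));
        // $_SESSION['userinfo'] = $userInfo;
        return true;
    }
    return false;
} catch (\Exception $e) {
    // Server/config failures are surfaced to the user as a plain login
    // failure; record them server-side so misconfiguration is not mistaken
    // for bad credentials.
    error_log('LDAP login error: ' . $e->getMessage());
    return false;
}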




