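// Directory lookup script: reads a fixed set of groups and their members from
// an LDAP directory and dumps the result.
//
// NOTE(review): ldap_connect() is given a bare host name and port, so no
// ldaps:// scheme is requested, and no ldap_start_tls() call appears in this
// script. Together with the anonymous bind below, the lookups appear to travel
// unauthenticated and unencrypted - confirm. If the group membership read here
// ever feeds an access decision, switch to LDAPS or StartTLS with certificate
// validation so the answers cannot be altered in transit.
define("_SERVER_", "sso.gsi.de");
define("_PORT_", 3060);
define("_CONNECTION_", ldap_connect(_SERVER_, _PORT_));

define("_GROUPS_DN_", "cn=Groups,dc=gsi,dc=de");
define("_GROUPS_FILTER_", "(objectclass=orclgroup)");
define("_GROUPS_ATTRIBUTES_", "uniquemember|cn|description|displayname");
// Enter the group names (CN) that should be read here, separated by |.
define("_GROUPS_", "GSI_BBE_Admin|GSI_BBE_Oper|GSI_BBE_User");

define("_USERS_FILTER_", "(objectclass=orcluser)");
// Further attributes to read can be appended here, separated by |.
define("_USERS_ATTRIBUTES_", "uid|mail|sn|givenname");

// users cache: member DN => array("uid", "name", "email")
$users = array();

// This is an anonymous bind, i.e. read-only access.
// ldap_connect() can return false; check it before handing it to ldap_bind().
if (_CONNECTION_ && ldap_bind(_CONNECTION_)) {

    /**
     * Runs an LDAP search on the shared connection and returns the entries.
     *
     * @param string $dn         base DN of the search
     * @param string $filter     LDAP filter expression
     * @param array  $attributes attribute names to fetch
     * @return array entries in ldap_get_entries() layout; array("count" => 0)
     *               when the search or the fetch fails
     */
    function search($dn, $filter, $attributes) {
        $result = ldap_search(_CONNECTION_, $dn, $filter, $attributes);
        // A failed search (e.g. unknown base DN) must not be passed on to
        // ldap_get_entries(); report "no entries" instead.
        if ($result === false) {
            return array("count" => 0);
        }
        $entries = ldap_get_entries(_CONNECTION_, $result);
        ldap_free_result($result);
        return ($entries === false) ? array("count" => 0) : $entries;
    }

    /**
     * Returns the first value of an attribute of one directory entry.
     *
     * @param mixed  $entry     one element of a ldap_get_entries() result
     * @param string $attribute attribute name as it appears in the entry
     * @return mixed the first value, or null when the attribute is absent
     */
    function entry_value($entry, $attribute) {
        if (is_array($entry) && isset($entry[$attribute][0])) {
            return $entry[$attribute][0];
        }
        return null;
    }

    /**
     * Looks up one user by DN, using the global $users cache.
     *
     * @param string $dn DN of the user entry
     * @return array|null array("uid", "name", "email"), or null unless the
     *                    search yields exactly one entry
     */
    function get_user($dn) {
        // include users cache
        global $users;

        // cached
        if (array_key_exists($dn, $users)) {
            return $users[$dn];
        }

        // not cached
        $user = search($dn, _USERS_FILTER_, explode("|", _USERS_ATTRIBUTES_));
        if ($user["count"] != 1) {
            return null;
        }

        $entry = $user[0];
        // "key" => entry_value($entry, "attribute")
        // Extend along these lines when further user attributes are queried.
        // Attributes missing from the entry come back as null instead of
        // raising undefined-index notices.
        $users[$dn] = array(
            "uid" => entry_value($entry, "uid"),
            "name" => entry_value($entry, "sn") . ", " . entry_value($entry, "givenname"),
            "email" => entry_value($entry, "mail")
        );
        return $users[$dn];
    }

    /**
     * Reads the groups listed in _GROUPS_ together with their members.
     *
     * @return array group CN => array("name", "description", "displayname",
     *               "members"), sorted by CN with strnatcasecmp
     */
    function get_groups() {
        $groups_filter = explode("|", _GROUPS_);
        $result = search(_GROUPS_DN_, _GROUPS_FILTER_, explode("|", _GROUPS_ATTRIBUTES_));

        $groups = array();
        // Walk the numeric entries only: the result array also carries a
        // "count" element, which is not a group.
        for ($i = 0; $i < $result["count"]; $i++) {
            $group = $result[$i];
            $group_id = entry_value($group, "cn");
            if ($group_id === null || !in_array($group_id, $groups_filter, true)) {
                continue;
            }

            $groups[$group_id] = array(
                "name" => $group_id,
                "description" => entry_value($group, "description"),
                "displayname" => entry_value($group, "displayname")
            );
            $groups[$group_id]["members"] = array();

            // A group without members has no uniquemember attribute at all.
            $members = isset($group["uniquemember"]) ? $group["uniquemember"] : array();
            foreach ($members as $member) {
                // the "count" element of the value list is an int, not a DN
                if (!is_string($member)) {
                    continue;
                }
                $user = get_user($member);
                if (!is_null($user)) {
                    $groups[$group_id]["members"][] = $user;
                }
            }
        }

        uksort($groups, "strnatcasecmp");
        return $groups;
    }

    $groups = get_groups();
    ldap_close(_CONNECTION_);
} else {
    die("Could not bind to " . _SERVER_ . ":" . _PORT_ . ". Try again later.");
}

// Output
// NOTE(review): the dump below prints directory values (uid, mail,
// description, ...) verbatim. If this script is served over HTTP, wrap each
// dump as htmlspecialchars(print_r($groups, true), ENT_QUOTES, "UTF-8") so
// markup stored in a directory attribute is not interpreted by the browser,
// and limit who can reach the page, since it lists member addresses.
echo "
\n";
print_r($groups);
print_r($users);
echo "\n
"; ?>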