On Thu, January 25, 2007 3:07 pm, Bing Du wrote:
> Sorry if the top is not closely PHP related. But I need to accomplish
> it
> using PHP.
>
> I can query the attribute 'memberOf' of a user from the active
> directory
> server with no problem. The challenge I'm facing now is how to obtain
> all
> the groups a user is member of. In many cases, a user can be in many
> groups which could be nested. Say, user is a member of group B which
> is a
> member of group A. So user should be member of group A implicitly.
> But
> in active directory, user's account only has
>
> memberOf: CN=Group_B,OU=security
> groups,OU=Users,OU=Coll,DC=some,DC=edu
>
> I can then check if Group_B's LDAP entry has any 'memberOf' attribute,
> so
> on and so on. If user's LDAP entry has multiple 'memberOf'
> attributes, I
> have to check each one to see if each group has any parent groups.
> Anybody ever had to deal with such a kind of issue and would like to
> shed
> some light (better with some code samples) how it should be done
> effectively? Any ideas would be greatly appreciated.
I don't know hardly anything about LDAP, and even less about Active
Directory, but if you can't find a built-in function to do this and
have to write your own, it should end up looking something like:
function groups($user, $groups = null){
//very first time, initialize $groups to empty array:
if (is_null($groups)) $groups = array();
//Find all the groups that his user/group is a memberOf:
$member_of = //do your LDAP here to find the memberOf:
//ex: "CN=Group_B,OU=security groups,OU=Users,OU=Coll,DC=some,DC=edu"
//Look at each group in turn
$member_of = explode(',', $member_of);
foreach($member_of as $group){
//Skip any groups we have already seen:
if (isset($groups[$group])) continue;
//Add it to the list of groups:
$groups[$group] = $group;
//check for super-groups of this group:
$groups = array_merge($groups, groups($group, $groups));
}
}
--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
