I am trying to construct a filter for ldap_search that tests the AD memberOf 
attribute. The latter has possibly multiple values for a given user, and I want 
something like (memberOf=*Student*) to get all and only the students. I realize 
that the above does not work, that the memberOf attribute has some internal 
structure that requires something more complicated, but I cannot seem to get it 
working.

What I have done is use a very broad $filter and an $attribs that includes 
"memberOf", and then loop through the results keeping only the students, thus:

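$sr = ldap_search($ldapconn, $dn, $filter, $attribs);

for ($entryid = ldap_first_entry($ldapconn, $sr); $entryid != false; $entryid = ldap_next_entry($ldapconn, $entryid)) {

    // Entries without a memberOf attribute return false here; skip them.
    $values = ldap_get_values($ldapconn, $entryid, 'memberof');
    if ($values === false) {
        continue;
    }

    // Join all memberOf values of this entry into one string.
    $this_memberof = implode($values);

    // stripos() returns 0 for a match at offset 0, so compare with false explicitly.
    if (stripos($this_memberof, 'student') !== false) {

        // do something, etc.

    }

}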

But this is wildly inefficient. How can I just create the filter I need for 
ldap_search? 

Thanks!

Alan 
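
An added example, not part of Alan's post and not his code: memberOf holds full group DNs, and AD does not do substring matches on DN-valued attributes, so one approach is to look up the matching groups by cn first and then filter users on the exact DNs. The function names, the sample DNs and the 'Student' search term are assumptions for illustration.

```php
<?php
// Added example. Needs PHP >= 7.4 with the ldap extension. All DNs are constructed samples.

// AD matching rule LDAP_MATCHING_RULE_IN_CHAIN: also follows nested group membership.
const IN_CHAIN = '1.2.840.113556.1.4.1941';

// Step 1 (needs a live connection): DNs of all groups whose cn contains $needle.
// Substring filters work on cn (a string attribute) but not on DN-valued memberOf.
function find_group_dns($conn, string $baseDn, string $needle): array
{
    $filter = '(&(objectCategory=group)(cn=*' . ldap_escape($needle, '', LDAP_ESCAPE_FILTER) . '*))';
    $sr = ldap_search($conn, $baseDn, $filter, ['cn']);
    $entries = ($sr === false) ? false : ldap_get_entries($conn, $sr);
    if ($entries === false) {
        return [];
    }
    $dns = [];
    for ($i = 0; $i < $entries['count']; $i++) {
        $dns[] = $entries[$i]['dn'];
    }
    return $dns;
}

// Step 2: filter for users who are members of any of the given groups.
function member_of_filter(array $groupDns, bool $nested = false): string
{
    if ($groupDns === []) {
        throw new InvalidArgumentException('no group DNs given');
    }
    $attr = $nested ? 'memberOf:' . IN_CHAIN . ':' : 'memberOf';
    $clauses = array_map(
        // Escape each DN so characters such as ( ) * \ cannot alter the filter.
        fn($g) => "($attr=" . ldap_escape($g, '', LDAP_ESCAPE_FILTER) . ')',
        $groupDns
    );
    return '(&(objectCategory=person)(objectClass=user)(|' . implode('', $clauses) . '))';
}

// Offline demo with constructed group DNs (no server needed for this part).
$sample = [
    'CN=Students,OU=Groups,DC=example,DC=com',
    'CN=Grad Students (2024),OU=Groups,DC=example,DC=com',
];
echo member_of_filter($sample), "\n";             // direct members of either group
echo member_of_filter([$sample[0]], true), "\n";  // includes members via nested groups
```

With a live connection, member_of_filter(find_group_dns($ldapconn, $dn, 'Student')) produces the $filter to pass to ldap_search. memberOf does not list a user's primary group, so a group used that way will not match.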

 
