1. 首頁
  2. 問答
  3. PHP LDAP獲取用戶SID

PHP LDAP獲取用戶SID

2016-09-16 76 views
1

我不知道如何獲取AD中的用戶唯一標識符(SID)。代碼片段:PHP LDAP獲取用戶SID

...  
$filter="(&(samaccountname=".$this->username.")(memberOf:1.2.840.113556.1.4.1941:=CN=GROUP_NAME,OU=Security,DC=something,DC=something))"; 
    $attribute = array("cn","objectsid","description", "group", "member", "samaccountname"); 
    $sr=ldap_search($this->conn_ldap, $this->ldap_dn, $filter, $attribute); 

    if ($sr) 
    { 

    $this->info = ldap_get_entries($this->conn_ldap, $sr); 
    if ($this->info["count"] == 1){ 

    ldap_close($this->conn_ldap); 
    return true; 
    } 
    ...

我可以拉的信息:

echo $this->info[0]["cn"][0]; 


echo $this->info[0]["objectsid"][0];

在第一輸出,我可以在謝勝利,像0�@�d^�WL7�U 看到用戶的名字,我相信SID應像S-......

來源

2016-09-16 Klapsius

+0

從谷歌搜索的第2個鏈接 'PHP LDAP獲得SID' 扔了一些代碼值得嘗試:http://php.net/manual/en/function.ldap-get-values-len。 php(請參閱derek dot ethier的評論)&http://l3rady.com/index.html%3Fp=435.html –

+0

向「''$ attributes'''數組添加一個」+「,看看結果然後。這可能會揭示一些額外的信息。 – heiglandreas

回答

2

我在另一個網站上找到了一個解決方案(見下文)。 基本上這功能是轉換器,使SID可見:

public static function SIDtoString($ADsid) 
{ 
    $sid = "S-"; 
    //$ADguid = $info[0]['objectguid'][0]; 
    $sidinhex = str_split(bin2hex($ADsid), 2); 
    // Byte 0 = Revision Level 
    $sid = $sid.hexdec($sidinhex[0])."-"; 
    // Byte 1-7 = 48 Bit Authority 
    $sid = $sid.hexdec($sidinhex[6].$sidinhex[5].$sidinhex[4].$sidinhex[3].$sidinhex[2].$sidinhex[1]); 
    // Byte 8 count of sub authorities - Get number of sub-authorities 
    $subauths = hexdec($sidinhex[7]); 
    //Loop through Sub Authorities 
    for($i = 0; $i < $subauths; $i++) { 
     $start = 8 + (4 * $i); 
     // X amount of 32Bit (4 Byte) Sub Authorities 
     $sid = $sid."-".hexdec($sidinhex[$start+3].$sidinhex[$start+2].$sidinhex[$start+1].$sidinhex[$start]); 
    } 
    return $sid; 
}

https://www.null-byte.org/development/php-active-directory-ldap-authentication/

來源

2016-09-16 14:34:38 Klapsius

1

作爲替代示例中,這可以完全使用PHP的解壓縮功能來完成。所述的objectSID二進制結構上最好this MSDN doc記載:

修訂(1個字節):一個8位的無符號整數,指定SID的 修訂級別。該值必須設置爲0x01。

SubAuthorityCount(1字節):一個8位無符號整數,指定 SubAuthority數組中的元素數量。允許的元素的最大數量是 15.

IdentifierAuthority(6個字節):甲SID_IDENTIFIER_AUTHORITY結構 ,其指示在其下SID被創建的權限。它 描述了創建SID的實體。標識符權限 值{0,0,0,0,0,5}表示由NT SID權限創建的SID。

SubAuthority(變量):32位無符號整數 的可變長度數組,它唯一地標識一個主要相對於 IdentifierAuthority。它的長度由SubAuthorityCount決定。

/** 
* Decode the binary SID into its readable form. 
* 
* @param string $value 
* @return string 
*/ 
function decodeSID($value) 
{ 
    # revision - 8bit unsigned int (C1) 
    # count - 8bit unsigned int (C1) 
    # 2 null bytes 
    # ID - 32bit unsigned long, big-endian order 
    $sid = @unpack('C1rev/C1count/x2/N1id', $value); 
    $subAuthorities = []; 

    if (!isset($sid['id']) || !isset($sid['rev'])) { 
     throw new \UnexpectedValueException(
      'The revision level or identifier authority was not found when decoding the SID.' 
     ); 
    } 

    $revisionLevel = $sid['rev']; 
    $identifierAuthority = $sid['id']; 
    $subs = isset($sid['count']) ? $sid['count'] : 0; 

    // The sub-authorities depend on the count, so only get as many as the count, regardless of data beyond it 
    for ($i = 0; $i < $subs; $i++) { 
     # Each sub-auth is a 32bit unsigned long, little-endian order 
     $subAuthorities[] = unpack('V1sub', hex2bin(substr(bin2hex($value), 16 + ($i * 8), 8)))['sub']; 
    } 

    # Tack on the 'S-' and glue it all together... 
    return 'S-'.$revisionLevel.'-'.$identifierAuthority.implode(
     preg_filter('/^/', '-', $subAuthorities) 
    ); 
}

來源

2017-02-11 16:51:31 ChadSikorra

相關問題

 相關問題