Get all possible attributes and all objectClasses from openLDAP in PHP

2022-01-17 00:00:00 attributes ldap php

I have to write an LDAP editor in PHP. LDAP is used to store network devices (switch, AP, ...). So, it is not normal functionality and I found a lot of problems. The biggest problem is:

Is it possible to read all objectClasses from the database and all attributes for a given objectClass?

Thanks for all replies!! Ajax

Recommended answer

Why not?

There will be a subschema entry per server which comprises all the objectclasses and attributetypes. (including AD)

But the subschema entry DN may be different in each implementation; this can be looked up from the rootDSE attribute "subschemasubentry".

-AD example-

```
ldapsearch -s base -b "" -D cn=Administrator,cn=users,dc=domain,dc=com -w 'password' -x -h 192.168.3.10 objectClass=* subschemasubentry
```

**OUTPUT:**

```
dn:
subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=domain,DC=com
```

-OpenLdap example-

```
ldapsearch -s base -b "" -D cn=Administrator,dc=capua,dc=com -w password -x -h 192.168.3.11 subschemaSubentry
```

**OUTPUT:**

```
#
dn:
objectClass: top
objectClass: OpenLDAProotDSE
subschemaSubentry: cn=Subschema
```

Also, note the search scope. It should be BASE_LEVEL, otherwise it won't return any result.

After this, search the subschema for objectclasses and attributetypes.

```
ldapsearch -s base -b "cn=subschema" -D cn=Administrator,dc=capua,dc=com -w password -x -h 192.168.3.11  objectclass=subschema objectclasses attributetypes
```

This will return all the objectclasses and attributetypes as strings. You don't have an option of querying the list of attributes of a given objectclass. You can ONLY get the ldif output of all stored objectclasses and attributes. Probably you can write a parser or create some ldif object if that works. But if it's AD you might have a little flexibility by directly querying cn=Schema,cn=configuration.

Have a look at the PHP code. Assuming $ld is connected. Some directory servers allow anonymous read on the subschema, in which case you don't need to bind.

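```php
// Get the subschema DN from the rootDSE (base-scope read of the empty DN)
$search = ldap_read($ld, "", "objectclass=*", array('*', 'subschemasubentry'));
if ($search === false) {
    die("rootDSE read failed: " . ldap_error($ld));
}
$entries = ldap_get_entries($ld, $search);
$schemadn = $entries[0]["subschemasubentry"][0];

print "Searching " . htmlspecialchars($schemadn) . "<br/>";

// Read all objectclasses and attributetypes from the subschema entry
$schsearch = ldap_read($ld, $schemadn, "objectClass=subSchema", array('objectclasses', 'attributetypes'));
if ($schsearch === false) {
    die("Subschema read failed: " . ldap_error($ld));
}
$schentries = ldap_get_entries($ld, $schsearch);

// ldap_get_entries() lowercases attribute names and adds a "count" element
$count = $schentries[0]["attributetypes"]["count"];

print "Printing all attribute types <br/>";
for ($i = 0; $i < $count; $i++) {
    // Escape on output: schema strings (e.g. DESC text) come from the directory
    print htmlspecialchars($schentries[0]["attributetypes"][$i]) . "<br/>";
}

$count = $schentries[0]["objectclasses"]["count"];

print "Printing all objectclasses <br/>";
for ($i = 0; $i < $count; $i++) {
    print htmlspecialchars($schentries[0]["objectclasses"][$i]) . "<br/>";
}
```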
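
The answer notes that the subschema only returns each definition as one string and suggests writing a parser. As an added example (not part of the original answer), the PHP below parses RFC 4512 objectClass description strings and resolves the MUST/MAY attributes of one class, including those inherited through SUP. The function names, the `exampleDevice` class and its OID are constructed for illustration; in real use `$defs` would be `$schentries[0]["objectclasses"]` with its `count` element removed.

```php
<?php
// Added example: helper names and the sample definitions below are constructed, not from the page.
/** Values after $keyword: one bare/quoted token or a parenthesised "$"-separated list. */
function schemaField(string $def, string $keyword): array
{
    if (!preg_match('/\s' . $keyword . '\s+(\(([^)]*)\)|\S+)/', $def, $m)) {
        return [];
    }
    return preg_split('/[\s$\'()]+/', $m[2] ?? $m[1], -1, PREG_SPLIT_NO_EMPTY);
}

/** Build [lowercased class name => sup/must/may lists] from the raw objectclasses strings. */
function parseObjectClasses(array $defs): array
{
    $classes = [];
    foreach ($defs as $def) {
        // Drop DESC first so keywords inside its free text are not mistaken for fields.
        $def = preg_replace("/\sDESC\s+'[^']*'/", '', $def);
        $entry = array_map(fn($k) => schemaField($def, $k), ['sup' => 'SUP', 'must' => 'MUST', 'may' => 'MAY']);
        foreach (schemaField($def, 'NAME') as $name) {
            $classes[strtolower($name)] = $entry; // every alias points at the same definition
        }
    }
    return $classes;
}

/** MUST/MAY attributes of $name plus those inherited via SUP; $seen guards against SUP loops. */
function attributesFor(array $classes, string $name, array &$seen = []): array
{
    $key = strtolower($name);
    $out = ['must' => [], 'may' => []];
    if (!isset($seen[$key]) && isset($classes[$key])) {
        $seen[$key] = true;
        foreach (array_merge([$key], $classes[$key]['sup']) as $i => $cls) {
            $part = $i === 0 ? $classes[$key] : attributesFor($classes, $cls, $seen);
            $out['must'] = array_values(array_unique(array_merge($out['must'], $part['must'])));
            $out['may'] = array_values(array_unique(array_merge($out['may'], $part['may'])));
        }
    }
    return $out;
}

// Constructed, abridged sample values in the form the subschema entry returns them.
$defs = [
    "( 2.5.6.0 NAME 'top' DESC 'top of the superclass chain' ABSTRACT MUST objectClass )",
    "( 2.5.6.14 NAME 'device' SUP top STRUCTURAL MUST cn MAY ( serialNumber $ description ) )",
    "( 1.1.2.1 NAME ( 'exampleDevice' 'exDev' ) DESC 'MUST ( notAField )' SUP device MAY ipHostNumber )",
];
print_r(attributesFor(parseObjectClasses($defs), 'exampleDevice'));
```

For the sample data this lists `cn` and `objectClass` as required and `ipHostNumber`, `serialNumber` and `description` as optional; the `MUST` inside the DESC text is ignored.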
