ldap_get_option
In order to set directory/file permissions with smbcacls, you'll need to get the objectSid and objectGuid, convert them with the functions described in the other post of this manual and concat them like this :
$user='S-' . $strObjectSid . '-' . $strObjectGuid
ldap_get_values_len
(PHP 4, PHP 5)
ldap_get_values_len — Lit toutes les valeurs binaires d'une entrée
Description
array ldap_get_values_len
( resource $link_identifier
, resource $result_entry_identifier
, string $attribute
)
Lit toutes les valeurs binaires d'une entrée d'un résultat.
Cette fonction s'utilise exactement comme la fonction ldap_get_values(), hormis le fait qu'elle gère les données binaires, et non les chaînes de caractères.
Liste de paramètres
- link_identifier
-
Un identifiant de lien LDAP, retourné par la fonction ldap_connect().
- result_entry_identifier
-
- attribute
-
Valeurs de retour
Retourne un tableau de valeurs pour l'attribut en cas de succès, et FALSE en cas d'erreur. Les valeurs sont accessibles individuellement, avec les index numériques du tableau. L'indexation commence à 0. Le nombre de valeurs retournées est disponible à l'index 'count' du tableau retourné.
add a note
User Contributed Notesldap_get_values_len
etienne at i-james dot com
23-Aug-2007 02:40
23-Aug-2007 02:40
derek dot ethier at gmail dot com
07-Mar-2007 11:25
07-Mar-2007 11:25
One more function to add that complements the bin_to_str_guid function I posted below:
// This function will convert a string GUID value into a HEX value to search AD.
function str_to_hex_guid($str_guid) {
$str_guid = str_replace('-', '', $str_guid);
$octet_str = substr($str_guid, 6, 2);
$octet_str .= substr($str_guid, 4, 2);
$octet_str .= substr($str_guid, 2, 2);
$octet_str .= substr($str_guid, 0, 2);
$octet_str .= substr($str_guid, 10, 2);
$octet_str .= substr($str_guid, 8, 2);
$octet_str .= substr($str_guid, 14, 2);
$octet_str .= substr($str_guid, 12, 2);
$octet_str .= substr($str_guid, 16, strlen($str_guid));
return $octet_str;
}
If you want to convert the string GUID back to the HEX format (required if you want to search AD based on the GUID string, make sure you escape the HEX string with double backslashes when searching -- ie. \\AE\\0F\\88...).
derek dot ethier at gmail dot com
12-Feb-2007 07:49
12-Feb-2007 07:49
To elaborate on rcrow's post, if you want to convert the objectSID value to a usable string (from Active Directory) the following function will do the trick (this was borrowed from another section of the manual, just thought I'd add it here):
// Returns the textual SID
function bin_to_str_sid($binsid) {
$hex_sid = bin2hex($binsid);
$rev = hexdec(substr($hex_sid, 0, 2));
$subcount = hexdec(substr($hex_sid, 2, 2));
$auth = hexdec(substr($hex_sid, 4, 12));
$result = "$rev-$auth";
for ($x=0;$x < $subcount; $x++) {
$subauth[$x] =
hexdec($this->little_endian(substr($hex_sid, 16 + ($x * 8), 8)));
$result .= "-" . $subauth[$x];
}
// Cheat by tacking on the S-
return 'S-' . $result;
}
// Converts a little-endian hex-number to one, that 'hexdec' can convert
function little_endian($hex) {
for ($x = strlen($hex) - 2; $x >= 0; $x = $x - 2) {
$result .= substr($hex, $x, 2);
}
return $result;
}
This function is not related to the ldap_get_values_len function but is still helpful if you want to convert the objectGUID binary value to a string format (converted from some vbscript provided by Richard Mueller):
// This function will convert a binary value guid into a valid string.
function bin_to_str_guid($object_guid) {
$hex_guid = bin2hex($object_guid);
$hex_guid_to_guid_str = '';
for($k = 1; $k <= 4; ++$k) {
$hex_guid_to_guid_str .= substr($hex_guid, 8 - 2 * $k, 2);
}
$hex_guid_to_guid_str .= '-';
for($k = 1; $k <= 2; ++$k) {
$hex_guid_to_guid_str .= substr($hex_guid, 12 - 2 * $k, 2);
}
$hex_guid_to_guid_str .= '-';
for($k = 1; $k <= 2; ++$k) {
$hex_guid_to_guid_str .= substr($hex_guid, 16 - 2 * $k, 2);
}
$hex_guid_to_guid_str .= '-' . substr($hex_guid, 16, 4);
$hex_guid_to_guid_str .= '-' . substr($hex_guid, 20);
return strtoupper($hex_guid_to_guid_str);
}
Here's an example on how to use both:
$filter="samaccountname=".$username;
$fields=array("objectguid","objectsid");
//establish the connection and specify the base_dn first. there are a lot of examples in the manual for this
$sr=ldap_search($this->_conn,$this->_base_dn,$filter,$fields);
$entries = ldap_get_entries($this->_conn, $sr);
if (in_array("objectguid", $fields)) {
$entries[0]["objectguid"][0]=
$this->bin_to_str_guid($entries[0]["objectguid"][0]);
}
if (in_array("objectsid", $fields)) {
$entry = ldap_first_entry($this->_conn, $sr);
$objectsid_binary = ldap_get_values_len($this->_conn, $entry, "objectsid");
$entries[0]["objectsid"][0] = $this->bin_to_str_sid($objectsid_binary[0]);
}
Hope this helps someone!
rcrow at NOSPAM dot laptv dot com
29-Apr-2004 05:06
29-Apr-2004 05:06
If you are trying to access BINARY DATA, such as ObjectSID within LDAP, you must first get an individual entry, as stated under ldap_get_values() function -- "This call needs a result_entry_identifier, so needs to be preceded by one of the ldap search calls and one of the calls to get an individual entry."
The following code snippet will get the LDAP objectSID for a specific user.
<?php
/* Get the binary objectsid entry */
/* Be sure that you have included the binary field in your ldap_search. */
$criteria = "samaccountname=$ldapUser";
$justthese = array("memberOf", "objectsid");
$ldapSearchResult = ldap_search($ldapConnectionResult, $ldapBase, $criteria, $justthese);
if (ldap_count_entries($ldapConnectionResult, $ldapSearchResult)){
$ldapResults = ldap_get_entries($ldapConnectionResult, $ldapSearchResult);
$entry = ldap_first_entry($ldapConnectionResult, $ldapSearchResult);
$ldapBinary = ldap_get_values_len ($ldapConnectionResult, $entry, "objectsid");
/* your code here */
}
?>
You then can use something like bin2hex to put the data in a more usable form.