What is LDAP
Jun 21, 2016 09:14 AM
What LDAP is
LDAP is a protocol for publishing directory information to many different resources. Usually it is used as a centralized address book, but depending on the organization's needs it can be made much more powerful.
In its most basic form, LDAP is a standard way of connecting to a database. That database is optimized for read queries, so it returns query results very quickly, while other operations, such as updates, are much slower. Note in particular that LDAP is normally used as a hierarchical database rather than a relational one, so its structure is better represented as a tree than as tables. For the same reason, SQL statements cannot be used with it.
Put simply, LDAP is a fast way to obtain centralized, static data about people or resources.
LDAP is short for Lightweight Directory Access Protocol. It is essentially a telephone directory, similar to network directories we already use such as NIS (Network Information Service) and DNS (Domain Name Service), and also similar to the trees you see in a garden.
LDAP is a special kind of database, but it is important to understand that LDAP differs from an ordinary database. LDAP is optimized for queries: its read performance is far better than its write performance.
1.1 LDAP storage rules
Distinguished Name (DN)
Unlike trees in nature, every branch and leaf of a file system, an LDAP directory or a telephone directory has at least one unique attribute, and that attribute lets us tell the branches and leaves apart.
In a file system, that unique attribute is the file name with its full path. For example, /etc/passwd is unique under that path. Of course we can also have /usr/passwd and /opt/passwd, but by their full paths they are still unique.
In LDAP, the distinguished name of an entry is called the "dn" or distinguished name. Within a directory this name is always unique. For example, my dn is "uid=aghaffar, ou=People, o=developer.ch". There cannot be two identical dns, but we can have a dn such as "uid=aghaffar, ou=Administrators, o=developer.ch". This is very similar to the /etc/passwd and /usr/passwd example in the file system above.
We have unique attributes: the uid under "ou=Administrators, o=developer.ch" and the uid under "ou=People, o=developer.ch". There is no conflict.
CN = Common Name: the user name or server name, up to 80 characters long, may be Chinese;
OU = Organization Unit: the organizational unit, at most four levels, each level up to 32 characters long, may be Chinese;
O = Organization: the organization name, 3 to 64 characters long;
C = Country: the country name, optional, 2 characters long.
An LDAP directory stores entries as a series of "attribute pairs"; each entry consists of attribute types and attribute values (fundamentally different from a relational database, which stores data in rows and columns).
mail = testmail@mccc.net
othermailbox = testmailother@mccc.com
givenname = givenname
sn = test sn
Attributes can be added; the following attribute must be assigned a value:
objectclass=person (value: person, server, organization, or another custom value)
2 How PHP operates on LDAP
2.1 Connecting to and closing LDAP in PHP
$ds=ldap_connect("ServerName")
ServerName is the LDAP server name,
for example:
$ds=ldap_connect("10.31.172.30:1000")
The return value is: true or false
Closing the connection
ldap_close($ds);
2.2 Searching for user information in PHP
$ds=ldap_connect("10.31.172.30:1000");
//first connect to the server
$justthese = array("cn","userpassword","location");
//a parameter of the search function stating which attributes to return;
//the above returns cn, userpassword and location; these must be lowercase
$sr=ldap_search($ds,"o=jite", "cn=dom*",$justthese);
//first parameter: the LDAP link identifier
//second parameter: the base dn to search under, e.g. "o=jite,c=cn"
//third parameter: the filter, a boolean condition; its syntax can be found in the dirsdkpg.pdf file on the Netscape site
//'o' is the organization name, 'cn' is the user name; the user name may use the wildcard '*'
echo "There are ".ldap_count_entries($ds,$sr)." entries with surname domadmin<br>";
//ldap_count_entries($ds,$sr) returns the total number of entries
$info = ldap_get_entries($ds, $sr);
//all data returned by LDAP
echo "Data returned: ".$info["count"]." entries<br>";
for ($i=0; $i<$info["count"]; $i++) {
echo "dn: ". $info[$i]["dn"] ."<br>";
echo "cn: ". $info[$i]["cn"][0] ."<br>"; //display the user name
echo "email: ". $info[$i]["mail"][0] ."<br>"; //display the mail
echo "userpassword: ". $info[$i]["userpassword"][0] ."<br>"; //display the encrypted password
}
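The search above splices the cn value straight into the filter. Here is an added example (not code from the original article) that builds the filter from a caller-supplied value with ldap_escape(), so filter metacharacters in that value cannot change the filter's structure; the server address, base DN and administrator credentials are the article's, the cn prefix is constructed, and the LDAP URI form is an assumption:

```php
<?php
// Added example: search users by cn prefix without letting the prefix
// alter the filter. Server/base DN/admin credentials follow the article.

function findUsersByCn($ds, string $baseDn, string $cnPrefix): array
{
    // LDAP_ESCAPE_FILTER rewrites ( ) * \ and NUL as \XX sequences, so a value
    // such as "dom*)(userpassword=*" stays one literal string instead of
    // becoming an extra filter term.
    $safe   = ldap_escape($cnPrefix, '', LDAP_ESCAPE_FILTER);
    $filter = "(cn=" . $safe . "*)";

    // Request only what the caller needs; userpassword is deliberately omitted.
    $attrs = ["cn", "mail", "location"];
    $sr = ldap_search($ds, $baseDn, $filter, $attrs);
    if ($sr === false) {
        throw new RuntimeException("search failed: " . ldap_error($ds));
    }

    $entries = ldap_get_entries($ds, $sr);
    $users = [];
    for ($i = 0; $i < $entries["count"]; $i++) {
        $e = $entries[$i];
        $users[] = [
            "dn"       => $e["dn"],
            "cn"       => $e["cn"][0] ?? null,
            "mail"     => $e["mail"][0] ?? null,
            "location" => $e["location"][0] ?? null,
        ];
    }
    return $users;
}

$ds = ldap_connect("ldap://10.31.172.30:1000");   // article's server, URI form assumed
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
if (!ldap_bind($ds, "cn=domadmin,o=jite", "password")) {   // admin bind as in the article
    die("bind failed: " . ldap_error($ds));
}
foreach (findUsersByCn($ds, "o=jite", "dom") as $u) {      // "dom" is a constructed prefix
    echo htmlspecialchars($u["dn"]), " (", htmlspecialchars((string) $u["cn"]), ")<br>";
}
ldap_unbind($ds);
```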
2.3 Adding a user
$ds=ldap_connect("10.31.172.30:1000");
//first connect to the server
$r=ldap_bind($ds,"cn=domadmin,o=jite","password");
//bind as an administrator, which has write permission
// the order in cn=domadmin,o=jite must not be changed
$info["cn"]="aaa"; //required
$info["userpassword"]="aaa";
$info["location"]="shanghai";
$info["objectclass"] = "person"; //required; person is an individual, there is also server…
ldap_add($ds, "cn=".$info["cn"].",o=jite", $info);
ldap_unbind($ds);
//unbind; this also closes the connection (ldap_close() is an alias of ldap_unbind(), so it is not called again here)
2.4 Deleting a user
$ds=ldap_connect("10.31.172.30:1000");
//first connect to the server
ldap_bind($ds,"cn=domadmin,o=jite","password");
//bind as an administrator, which has delete permission
$dn="cn=dingxf,o=jite";
ldap_delete($ds, $dn);
//delete the user
ldap_unbind($ds);
//unbind; this also closes the connection (ldap_close() is an alias of ldap_unbind())
2.5 Modifying user data
$ds=ldap_connect("10.31.172.30:1000");
//first connect to the server
ldap_bind($ds,"cn=domadmin,o=jite","password");
//bind as an administrator, which has modify permission
$dn="cn=dingxf,o=jite";
//the user's dn
$info["userpassword"]="aaa"; //the data to modify, placed in an array variable
$info["location"]="shanghaisdaf";
ldap_modify($ds, $dn , $info);
//the modify function
ldap_unbind($ds);
//unbind; this also closes the connection (ldap_close() is an alias of ldap_unbind())
2.6 User login verification
$ds=ldap_connect("10.31.172.30:1000");
//first connect to the server
if (ldap_bind($ds,"cn=dingxf,o=jite","dingxf")){
echo "Authentication passed";
}else{
echo "Authentication failed";
}
ldap_unbind($ds);
//unbind; this also closes the connection (ldap_close() is an alias of ldap_unbind())
Note: this method is fairly simple and practical, but it also has a shortcoming: when authentication fails, ldap_bind() emits its own built-in message: "Warning: LDAP: Unable to bind to server: Inappropriate authentication in /home/htdocs/jldl.net/ldap/test.php3 on line 16"
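Added example, not from the original article: the same bind-based login wrapped in a function with the checks a production version needs. It rejects an empty password (many LDAP servers treat a bind with an empty password as an anonymous bind that "succeeds"), escapes the user name before placing it in the DN, and suppresses the warning quoted in the note in favor of reading the LDAP result code. Server and base DN are the article's; the credentials are constructed and the LDAP URI form is an assumption:

```php
<?php
// Added example: authenticate a user by binding as that user's DN.

function ldapLogin(string $uri, string $baseDn, string $username, string $password): bool
{
    // An empty password must never reach the server: on many directories it
    // turns the request into an anonymous bind, which returns success.
    if ($username === '' || $password === '') {
        return false;
    }

    $ds = ldap_connect($uri);
    if ($ds === false) {
        return false;
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);

    // LDAP_ESCAPE_DN escapes , + " \ < > ; # = and leading/trailing spaces,
    // so a user name like "dingxf,ou=admins" cannot rewrite the bind DN.
    $dn = "cn=" . ldap_escape($username, '', LDAP_ESCAPE_DN) . "," . $baseDn;

    // A failed bind emits a PHP warning (the message quoted in the note above).
    // Suppress it and keep the LDAP result code for the log; never log the password.
    $ok = @ldap_bind($ds, $dn, $password);
    if (!$ok) {
        error_log("LDAP bind failed for " . $dn . ": "
                  . ldap_errno($ds) . " " . ldap_error($ds));
    }
    ldap_unbind($ds);
    return $ok;
}

// Constructed credentials; the server and base DN follow the article.
echo ldapLogin("ldap://10.31.172.30:1000", "o=jite", "dingxf", "dingxf")
    ? "Authentication passed"
    : "Authentication failed";
```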