I have this issue, I’m have a user selected in LDAP through ldap search, giving only the attribute of gid.
$ldapattributes = array("gidnumber");
$ldapdn = "o=example";
$ldapfilter = "(sn=".$ldapuname."*)";
$ldapbind = ldap_bind($ldapconn, $ldapuname, $ldappass) or trigger_error('Could not bind to '.$ldaphost);
$sr = ldap_search($ldapconn,$ldapbasedn,$ldapfilter,$ldapattributes);
var_dump($sr);
$entry = ldap_get_entries($ldapconn, $sr);
var_dump($entry);
the result i get from the vardump is:
‘gidnumber’ =>
array
‘count’ => int 1
0 => string ‘1617’ (length=4)
I know 1617 is the number that maps correctly to the group I want to, but, I’d like the text that’s attributed to it elsewhere that says it’s ‘ConfSer’. I haven’t been able to discover where this is, or how I could turn the gid into another filter to acquire the name and information of that particular group (so I can route it through a config file that spits out permissions).
EDIT: I get “CN=Ldaptst2 Majtst,O=example” in the results as well. But Neither of those are actually the group… just the full name.
Construct a search filter that will return all entries that have objectClass
posixGroupandthe desired
gidNumber, for example,(&(objectClass=posixGroup)(gidNumber=<insert-gid-number-here>)). You must also supply a listof attributes to return in the search result. Depending on which API used by your code using
this list of attributes might default to all user attributes. One of the attributes returned
will be the relative distinguished name of the group, and the search result itself will contain
the distinguished name of the group, which might be something like:
cn=group-of-users,dc=example,dc=com.From the command line, this search might be something like: