Get display name for Zend LDAP Authentication_问答_开发者

Get display name for Zend LDAP Authentication

开发者 https://www.devze.com 2023-04-05 19:24 出处：网络

I have successfully implemented the Zend Framework LDAP adapter for the Zend_Auth module, and can login against my Active Directory controller. However, the getIdentity() method returns just the usern

I have successfully implemented the Zend Framework LDAP adapter for the Zend_Auth module, and can login against my Active Directory controller. However, the getIdentity() method returns just the userna开发者_StackOverflowme (good for database foreign key usage), while I'd like to (additionally) get the "cn" or "displayname" property of the user object for display on the webpage itself.

I see a getLdap() method on the Zend_Auth_Adapter_Ldap object, but on the result object from authenticating against Zend_Auth. Is there a way to get at the LDAP connection that the user authenticated with and get their data?

Well, I found out a way breaking out of the Zend_Auth module and using the Zend_Ldap module directly. If anyone knows how to do this using the Auth or AuthAdapter objects, I'd be glad to learn!

I'm using Zend_Registry to store various LDAP options, and then the current user information:

$authAdapter = new Zend_Auth_Adapter_Ldap(array(
    'server1' => array(
        'host' => Zend_Registry::get('LDAP_host'),
        'accountDomainName' => Zend_Registry::get('LDAP_domainName'),
        'accountCanonicalForm' => 2,
        'baseDn' => Zend_Registry::get('LDAP_baseDn'),
        'bindRequiresDn' => TRUE,
    )
));
$authAdapter->setIdentity($_POST['username']);
$authAdapter->setCredential($_POST['passwd']);
$auth = Zend_Auth::getInstance();

// Do the login
$rs = $auth->authenticate($authAdapter);
if (!$rs->isValid()) {
    // Login failed
    exit;
}
// Login succeeded

Checking for authenticated user: If we are currently authenticated, create a Zend_Ldap object using similar options to the AuthAdapter, and search for this userid.

$auth = Zend_Auth::getInstance();
if ($auth->hasIdentity()) {
    $uid = $auth->getIdentity();
    Zend_Registry::set('cur_user', $uid); // Save username
    $ldap = new Zend_Ldap(array(
        'host' => Zend_Registry::get('LDAP_host'),
        'accountDomainName' => Zend_Registry::get('LDAP_domainName'),
        'accountCanonicalForm' => 2,
        'baseDn' => Zend_Registry::get('LDAP_baseDn'),
        'bindRequiresDn' => TRUE,
    ));
    $ldap->bind();
    $rs = $ldap->getEntry('uid='.$uid.','.Zend_Registry::get('LDAP_baseDn'), array('displayname', 'mail'));
    Zend_Registry::set('cur_user_name', $rs['displayname'][0]);
    Zend_Registry::set('cur_user_mail', $rs['mail'][0]);
} else {
    Zend_Registry::set('cur_user', 'Anonymous');
    Zend_Registry::set('cur_user_name', 'Anonymous');
    Zend_Registry::set('cur_user_mail', 'nobody@nowhere.com');
}

Zend_Auth_Adapter_Ldap defines a method getAccountObject that will do what you want.

eg;

$adapter = new Zend_Auth_Adapter_Ldap($options, $username, $password);

$result = $auth->authenticate($adapter);

if ($result->isValid()) {
   $user_data = $adapter->getAccountObject();
}

The method allows you to optionally set which attributes you want to retrieve, too.