hi,
i want to read entries in active directory via COM-interface. (ADS on W2K, Webserver IIS 6.0 in Win 2003, php 4.3.4)
I am connected to ADS and read the desired user and some of his attributes. (eg. EmailAddress) If i try to read the groups he belongs to i get the error: PropGet() failed: Mitglied nicht gefunden/member not found. It points to the line where i supply a variable with the content of the groups-object-array.
My code is like this:
$ADSI = new COM("LDAP:") or Die ("Did not open");
$DsObj = $ADSI->OpenDsObject("LDAP://OU=Anw,OU=C,OU=Anw,OU=firma,DC=domain,DC=de","testads","pass",1) ;
$Obj = $DsObj->GetObject("user", "CN=test");
echo $Obj->EmailAddress;
$Gruppen = $Obj->Groups;
$ADSI->Release();

I think it could be a formattingproblem with my variable Gruppen or something like that!?!?!?!
Regards

    8 days later

    I found an answer to my problem. It's quite simple if you know the right syntax:
    $ADSI = new COM("LDAP:") or Die ("Did not open");
    $DsObj = $ADSI->OpenDsObject("LDAP://OU=Anw,OU=C,OU=Anw,OU=firma,DC=domain,DC=de","testads","pass",1) ;
    $Obj = $DsObj->GetObject("user", "CN=test");
    $Gruppen=$Obj->MemberOf;
    foreach ($Gruppen as $key => $val):
    echo $key .$val."<br>";
    endforeach;
    $ADSI->Release();
    You just have to use the LDAPproperty memberof.
    It's the same if you want to read the members of the object GROUP. You have to iterate over the propertie member. There is one ugly point: If the group has no members, foreach breaks, because there seems to be an array with length 1 but there is only an empty variable. Similarly it happens if the group has only one member: you get a simple variable not an array. So you have to check before printing if it's an array or not.
    Annotation: If you want to manipulate the groups a user belongs to, you have to change the groups. It's not possible to change directly in the object user. In this case you just have to change the arrays you read before and write it back with SetInfo().

      Write a Reply...