I have a fully functional LDAP connector working... My next step is to check that the user authenticating against LDAP is within a group to allow/disallow further processing, and I'm having some issues...
I've checked this out but it hasn't really helped:
http://dir.jpl.nasa.gov/developer/samples/php/test_for_group_membership.php.txt
and my script snippet:
$ad = "..."; //already working...
$ldap_gn = "CN=Domain Admins,CN=Users,DC=domain,DC=internal";
$ldap_user = $user."@domain.internal";
//connect
//set options
//bind
echo ldap_compare($ad, $ldap_gn,"homemdb", $ldap_user) ? "Domain Admin" : "Domain User";
Everyone is coming back as being a domain admin... When I use the domain query tool from MSFT I see that the domain admin membership is within a container like:
[1] => homemdb
[memberof] => Array
(
[count] => 11
...
[9] => CN=Domain Admins,CN=Users,DC=domain,DC=internal
...
)
...which is why I used homemdb as the attribute value... but I've also tried the reference uniquemember with the same results
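
An added example, not part of the original post: ldap_compare() returns true, false, or -1 on error, and PHP treats -1 as truthy, so a ternary on its result reports every failed comparison as a match. The sketch below compares the group's member attribute against the user's DN and accepts only a strict true; $baseDn and the function names are assumptions, and the loop at the end runs without a directory server.

```php
<?php
// Added example, not from the original post. sAMAccountName and member are
// standard AD attributes; $baseDn and the function names are assumptions.

// Fail closed: only a strict boolean true counts as membership.
// ldap_compare() returns true, false, or -1 on error, and -1 is truthy in PHP.
function compareResultIsMember($result): bool
{
    return $result === true;
}

// Direct membership check: compares the group's "member" attribute against
// the user's DN. Nested groups and primary-group membership are not covered.
function isDirectGroupMember($ad, string $baseDn, string $groupDn, string $user): bool
{
    // Resolve the login name to a DN; escape it so it cannot alter the filter.
    $filter = '(sAMAccountName=' . ldap_escape($user, '', LDAP_ESCAPE_FILTER) . ')';
    $search = ldap_search($ad, $baseDn, $filter, ['1.1']); // 1.1 = no attributes
    if ($search === false) {
        return false;
    }
    $entry = ldap_first_entry($ad, $search);
    if ($entry === false) {
        return false; // unknown user: deny
    }
    $userDn = ldap_get_dn($ad, $entry);
    if ($userDn === false) {
        return false;
    }

    $result = ldap_compare($ad, $groupDn, 'member', $userDn);
    if ($result === -1) {
        error_log('ldap_compare failed: ' . ldap_error($ad));
    }
    return compareResultIsMember($result);
}

// Offline demonstration over the three possible return values (constructed).
foreach ([true, false, -1] as $r) {
    printf(
        "%-5s  ternary: %-12s  strict: %s\n",
        var_export($r, true),
        $r ? 'Domain Admin' : 'Domain User',
        compareResultIsMember($r) ? 'Domain Admin' : 'Domain User'
    );
}
```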