我不知道如何在AD中获取用户唯一标识符(SID).代码片段：

...    
$filter="(&(samaccountname=".$this->username.")(memberOf:1.2.840.113556.1.4.1941:=CN=GROUP_NAME,OU=Security,DC=something,DC=something))";
    $attribute = array("cn","objectsid","description", "group", "member", "samaccountname");
    $sr=ldap_search($this->conn_ldap, $this->ldap_dn, $filter, $attribute);

    if ($sr) 
    {

    $this->info = ldap_get_entries($this->conn_ldap, $sr);
    if ($this->info["count"] == 1){

    ldap_close($this->conn_ldap);
    return true;
    }
    ... 

我可以提取信息：

echo $this->info[0]["cn"][0];

要么

echo $this->info[0]["objectsid"][0];

在第一个输出中,我可以看到用户名,例如0 @ d^ WL7 U
我相信sid应该像S -……？

解决方法:

我在另一个网站上找到了解决方案(见下文).
基本上这个功能是转换器,使SID可见：

public static function SIDtoString($ADsid)
{
   $sid = "S-";
   //$ADguid = $info[0]['objectguid'][0];
   $sidinhex = str_split(bin2hex($ADsid), 2);
   // Byte 0 = Revision Level
   $sid = $sid.hexdec($sidinhex[0])."-";
   // Byte 1-7 = 48 Bit Authority
   $sid = $sid.hexdec($sidinhex[6].$sidinhex[5].$sidinhex[4].$sidinhex[3].$sidinhex[2].$sidinhex[1]);
   // Byte 8 count of sub authorities - Get number of sub-authorities
   $subauths = hexdec($sidinhex[7]);
   //Loop through Sub Authorities
   for($i = 0; $i < $subauths; $i++) {
      $start = 8 + (4 * $i);
      // X amount of 32Bit (4 Byte) Sub Authorities
      $sid = $sid."-".hexdec($sidinhex[$start+3].$sidinhex[$start+2].$sidinhex[$start+1].$sidinhex[$start]);
   }
   return $sid;
}

https://www.null-byte.org/development/php-active-directory-ldap-authentication/