$_SERVER['REMOTE_USER'] returns the username of the user logged in to Active Directory. I want to retrieve this user's information using ldap_search().
This is what I have now:
$ad = // ldap_connection id
$filter = "(|(sn=$username*)(givenname=$username*))";
$attr = array("displayname", "mail", "mobile", "homephone", "telephonenumber", "streetaddress", "postalcode", "physicaldeliveryofficename", "l");
$dn = // OU, DC etc..
ldap_search($ad,$dn,$filter,$attr);
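It works, but I'm not sure it will work if two users have nearly identical names.
How can I search only by the unique username, so that I always get exactly one user?
Solution:
sAMAccountName is the username attribute used in Active Directory, so (&(objectClass=user)(sAMAccountName=%s)) would be the correct filter to check LDAP for a given username (with %s replaced by the actual username, naturally).
Note that you need to handle special characters in $username to avoid a malformed filter or, at worst, a malicious LDAP injection (see RFC 2254):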
Any control characters with an ASCII
code < 32 as well as the characters
with special meaning in LDAP filters
"*", "(", ")", and "\" (the backslash)
are converted into the representation
of a backslash followed by two hex
digits representing the hexadecimal
value of the character.
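The escaping rule quoted above, combined with the sAMAccountName filter, as an added example that is not part of the original answer. The function names escape_filter_value, build_user_filter and find_user are hypothetical, and the sample usernames are constructed; PHP 5.6 and later also provide ldap_escape($value, '', LDAP_ESCAPE_FILTER) for the escaping step.

```php
<?php
// Added example, not code from the original post.
// Escape a value for use inside an LDAP search filter: control characters
// (code < 32) and "*", "(", ")", "\" become a backslash plus two hex digits.
function escape_filter_value(string $value): string
{
    return preg_replace_callback(
        '/[\x00-\x1f*()\\\\]/',
        function (array $m): string {
            return sprintf('\\%02x', ord($m[0]));
        },
        $value
    );
}

// Build the exact-match filter from the answer with the username escaped.
function build_user_filter(string $username): string
{
    return sprintf(
        '(&(objectClass=user)(sAMAccountName=%s))',
        escape_filter_value($username)
    );
}

// Look up one user. $ad is an already bound LDAP connection and $dn the
// search base, as in the question. Returns the entry, or null unless the
// search yields exactly one match.
function find_user($ad, string $dn, string $username, array $attr): ?array
{
    $result = ldap_search($ad, $dn, build_user_filter($username), $attr);
    if ($result === false) {
        return null;
    }
    $entries = ldap_get_entries($ad, $result);
    return ($entries !== false && $entries['count'] === 1) ? $entries[0] : null;
}

// Constructed sample inputs: a plain name, a wildcard, and a value that
// would otherwise close the filter clause early.
foreach (['jsmith', 'j*', 'smith)(mail=*', 'a\\b'] as $name) {
    echo build_user_filter($name), PHP_EOL;
}
```

The loop at the end only prints filters and needs no directory server; find_user requires the ldap extension and a live connection.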