Query all groups of a user using Zend_Ldap

Developer https://www.devze.com 2023-03-01 07:33 Source: Internet

I haven't really got much to show because I'm not overly familiar with ldap (Open Directory) at all and I'm having a bit of trouble understanding how to actually query the groups of a particular user. Using Zend_Auth_Adapter_Ldap(),

$ldap = array(
    array('host' => 'od-master.foobar.net',
        'baseDn' => 'cn=users,dc=foobar,dc=net',
        'bindRequiresDn' => true,
        'accountCanonicalForm' => 2));

$authAdapter = new Zend_Auth_Adapter_Ldap($ldap);
// Set the input credential values to authenticate against
$authAdapter->setIdentity($form->getValue('username'));
$authAdapter->setCredential($form->getValue('password'));
//etc

I have the account being authenticated, but now I need to retrieve a list of groups this user belongs to. I'm not generally one to ask for help without trying stuff first, but I can't even get to that point. Any help is greatly appreciated.

In case my question wasn't obvious: how do you query all the groups of a particular user?

===== EDIT =====

As per suggestions given, this was my latest attempt:

$attributes = array('memberOf'); //also tried member
$users = $ldapAdapter->search('cn=username', $ldapAdapter->getBaseDn(), Zend_Ldap::SEARCH_SCOPE_SUB, $attributes);
foreach ($users as $user) {
   var_dump($user);
}

I did also try to do this outside of Zend_Ldap unsuccessfully.

$attributes = array('memberOf'); //also tried member
$result = ldap_search($ldapAdapter->getResource(), $baseDn, 'cn=username', $attributes);
$info = ldap_get_entries($ldapAdapter->getResource(), $result);

Which results in an empty array. Any further direction would be greatly appreciated.

===== EDIT 2 =====

So I tried to completely remove Zend_Ldap so I can test things more easily; here is what I ended up with, which results in array('count' => 0) being returned.

$resource = ldap_connect('od-master.foobar.net', 389);
ldap_set_option($resource, LDAP_OPT_PROTOCOL_VERSION, 3);
$bind = ldap_bind($resource, 'uid=johnc,cn=users,dc=foobar,dc=net', '***');
$result = ldap_search($resource, 'cn=users,dc=foobar,dc=net', '(cn=username)');
$info = ldap_get_entries($resource, $result);


You just have to make an ldap_search in the node cn=users,dc=foobar,dc=net with a filter like cn=username for an attribute called memberOf.

When you write a SEARCH in LDAP you give:

  1. The DN of the node where the search begins
  2. The attributes you want to retrieve
  3. The filter, (&(cn=username))
  4. The depth of your search, and here it's subtree (not OneLevel, nor base)


For anyone else that comes across this, here is the solution I came up with.

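$groups = array();
$attributes = array('cn');
// Escape the form value so LDAP filter metacharacters (*, parentheses, backslash) are matched literally.
$username = Zend_Ldap_Filter_Abstract::escapeValue($form->getValue('username'));
// Membership is stored on the group entry (memberUid), so search the groups container.
$filter = '(&(objectClass=posixGroup)(memberUid=' . $username . '))';
$users = $ldapAdapter->search($filter, 'cn=groups,dc=foobar,dc=net', Zend_Ldap::SEARCH_SCOPE_SUB, $attributes);
foreach ($users as $user) {
    $groups[] = $user['cn'][0];
}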


I know it was about Zend Framework, but I have found how to query groups using Zend\Ldap\Ldap with ZF2

$ldap = $adapter->getLdap();
$filter = \Zend\Ldap\Filter::equals('samaccountname', 'my_username');
$basedn = 'CN=Users,DC=foobar,DC=net';
$attributes = array('memberOf');
$scope = \Zend\Ldap\Ldap::SEARCH_SCOPE_SUB;

$result = $ldap->search($filter, $basedn, $scope, $attributes);


Open Directory (Apple's implementation of OpenLDAP on OS/X) did not have the memberOf overlay support added at compile time. Therefore, memberOf will not work on a standard Mac OS X system.

As the OP found out, a workaround will require implementing the collection of groups and building a per-user group membership to achieve the same (or manually adding this missing information each time a change to the LDAP datastore is made).
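
The group lookup that the answers above arrive at, written against PHP's plain ldap_* functions as an added example (not code from any of the posts). It assumes PHP 7+ with ext-ldap; the function names groupFilterForUser, groupNames and groupsOfUser and the sample entries are made up for illustration.

```php
<?php
// Added example; assumes PHP 7+ with ext-ldap. Function names are illustrative.

/** Build the posixGroup membership filter with the uid escaped for filter context. */
function groupFilterForUser(string $uid): string
{
    // LDAP_ESCAPE_FILTER turns * ( ) \ and NUL into backslash-hex escapes,
    // so the value can only ever match literally.
    $safe = ldap_escape($uid, '', LDAP_ESCAPE_FILTER);
    return '(&(objectClass=posixGroup)(memberUid=' . $safe . '))';
}

/** Collect the first cn of every entry in an ldap_get_entries()-shaped array. */
function groupNames(array $entries): array
{
    $names = array();
    for ($i = 0; $i < ($entries['count'] ?? 0); $i++) {
        if (isset($entries[$i]['cn'][0])) {
            $names[] = $entries[$i]['cn'][0];
        }
    }
    sort($names);
    return $names;
}

/** Search the groups container; $conn is an already-bound ldap_connect() handle. */
function groupsOfUser($conn, string $groupsDn, string $uid): array
{
    $result = ldap_search($conn, $groupsDn, groupFilterForUser($uid), array('cn'));
    if ($result === false) {
        throw new RuntimeException('group search failed: ' . ldap_error($conn));
    }
    return groupNames(ldap_get_entries($conn, $result) ?: array('count' => 0));
}

// Constructed inputs: a plain uid and one containing filter metacharacters.
foreach (array('johnc', 'john*(test)') as $uid) {
    echo groupFilterForUser($uid), PHP_EOL;
}

// Constructed sample in the shape ldap_get_entries() returns (no server needed).
$sample = array(
    'count' => 2,
    0 => array('dn' => 'cn=staff,cn=groups,dc=foobar,dc=net', 'cn' => array('count' => 1, 0 => 'staff')),
    1 => array('dn' => 'cn=admin,cn=groups,dc=foobar,dc=net', 'cn' => array('count' => 1, 0 => 'admin')),
);
print_r(groupNames($sample));
```

groupsOfUser() is the only part that needs a directory; pass it the handle from ldap_connect() after a successful ldap_bind().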
