I am looking for some help on trying to figure out the best way to do an Active Directory group lookup and then, when a user is found in that group, the script determines if they have specific rights to a site. I have most of the pieces working except the part where the user is found in the group. Here is the code that I am using to do the group lookup:
[PHP]
<?php
ini_set('display_errors', 1);
error_reporting(E_ALL);

$arguments = getopt("u");
echo grouptestfull($arguments['u']);

function grouptestfull($user)
{
    include("adLDAP.php");
    $adldap = new adLDAP();
    try {
        $ldap_db = new adLDAP();
    } catch (adLDAPException $e) {
        echo $e;
        exit();
    }

    // clear the flags
    $validhr = false;
    $validinf = false;
    $validroot = false;

    // check group
    if (($ldap_db->user_ingroup($user, "SD.HR", true))) {
        echo "\nvalidhr\n";
        $validhr = true;
    }
    if (($ldap_db->user_ingroup($user, "SD.INF", true))) {
        echo "\nvalidinf\n";
        $validinf = true;
    }
    if (($ldap_db->user_ingroup($user, "SD.ROOT", true))) {
        echo "\nvalidroot\n";
        $validroot = true;
    }

    // sort and return highest lvl group membership
    if ($validroot) {
        return "validroot";
        echo "validroot"; // for testing only
    } else {
        echo "GOT HERE1"; // for testing only
        if ($validinf) {
            return "validinf";
            echo "validinf"; // for testing only
        } else {
            if ($validhr) {
                return "validhr";
                echo "Validhr"; // for testing only
            } else {
                echo "null"; // for testing only
                return "";
            }
        }
    }
}

echo "GOT HERE2"; // for testing only
?>
[/PHP]
The problem is whenever I do this it always returns “null”. The code that is calling this PHP page is this:
[PHP]
$str = shell_exec('./grouptestfull3.php -u '.$LoggedInUsername);
[/PHP]
Hope someone can help or give me suggestions on an easier way to do this.
Thanks
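
An added example, not part of the original post: in PHP's `getopt()`, the spec `"u"` declares `-u` as a flag with no value (its entry is `false`), while `"u:"` makes it take one, and a username handed to `shell_exec()` needs `escapeshellarg()` so the shell sees it as a single word. The function name `resolve_level`, the `$inGroup` callback, the username pattern and the stand-in directory are assumptions made for illustration; the group names are the ones from the post.

```php
<?php
/**
 * Return the highest matching level for $user, or "" if none.
 * $inGroup is any callable (user, group) => bool, for instance a wrapper
 * around $ldap_db->user_ingroup($user, $group, true) from the post.
 */
function resolve_level(string $user, callable $inGroup): string
{
    // Assumed username policy: reject anything unexpected before it reaches LDAP.
    if (!preg_match('/^[A-Za-z0-9._-]{1,64}$/', $user)) {
        return '';
    }
    // Ordered from most to least privileged; the first hit wins.
    $levels = [
        'SD.ROOT' => 'validroot',
        'SD.INF'  => 'validinf',
        'SD.HR'   => 'validhr',
    ];
    foreach ($levels as $group => $level) {
        if ($inGroup($user, $group)) {
            return $level;
        }
    }
    return '';
}

// CLI side: "u:" (with the colon) makes -u carry a value.
// With plain "u", $opts['u'] is false and no username is ever looked up.
$opts = getopt('u:');
$user = is_string($opts['u'] ?? null) ? $opts['u'] : '';

// Constructed stand-in for the directory so the example runs offline.
$fakeDirectory = [
    'alice' => ['SD.HR', 'SD.INF'],
    'bob'   => ['SD.HR'],
];
$inGroup = fn(string $u, string $g): bool =>
    in_array($g, $fakeDirectory[$u] ?? [], true);

// Print only the result, so the caller does not have to strip debug output.
echo resolve_level($user, $inGroup), "\n";

// Caller side (web page): quote the argument and trim the trailing newline.
// $str = trim((string) shell_exec(
//     'php grouptestfull3.php -u ' . escapeshellarg($LoggedInUsername)));
```

Run as `php example.php -u alice`, this prints `validinf`. Including the function and calling it directly from the page would avoid the shell round trip altogether.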