2

I'm using the ADLDAP library (http://adldap.sourceforge.net) to interact with Active Directory. I am using PHP. I would like to get all users from Active Directory and save them to array. Is there any way to do this?

Kara
  • 6,115
  • 16
  • 50
  • 57
pangi
  • 2,703
  • 6
  • 25
  • 35

2 Answers2

5

You probably want to do something like:

$adldap = new adLDAP();
$usernames = $adldap->user()->all();

$users = array();
foreach ($usernames as $username)
{
    $userInfo = $adldap->user()->infoCollection($username);
    $users[$username] = $userInfo;
}

the all() method is doumented here.

Kevin Horn
  • 4,167
  • 28
  • 30
  • is there a way to have only active (not disabled) users? – Sirber Sep 05 '12 at 19:05
  • @Sirber: the `all()` method takes a `$search` parameter, which I believe can be used to filter the list. It should be a regular LDAP filter I think. Or you could just filter the results in the `for` loop on the `enabled` attribute. – Kevin Horn Oct 19 '12 at 15:13
1

Assuming that the directory administrators would permit an LDAP client application to retrieve all entries from a directory, extract the value of the attribute namingContexts from the root DSE. The values of this attribute (it is multi-valued) are the naming contexts or suffixes that this server supports. With this information, construct a search using:

  • the naming context
  • a size limit 0f 0 (no sizelimit)
  • a time limit of 0 (unlimited time)
  • a filter that will match all entries, for example, (objectClass=*) or (&)
  • a scope sufficient to discover all entries, probably subtree
  • a list of the attributes you require

Construct this search for each namingContext. Again, assuming that the directory administrators will allow an LDAP client to search the entire directory, these searches will result in responses that contain every entry.

There are many caveats such as:

  • is this permitted by administrators?
  • can your application grow big enough to handle the data (if not the Simple Paged Results mechanism may provide a solution).
  • I have been told that AD imposes a size limit of 1000 on LDAP clients. Even if this is true, no LDAP client should be coded with knowledge of a directory infrastructure or vendor. Doing so results in poor, brittle code that is difficult to maintain. All LDAP clients must be coded to the standards imposed by the LDAP Directorate at the IETF.

For more information, see:

Terry Gardner
  • 10,957
  • 2
  • 28
  • 38
  • I'm sorry, but I don't understand. I'm looking for a way to get all AD users from AD, and store them into array using PHP. – pangi Mar 10 '12 at 11:26