Asked  8 Months ago    Answers:  5   Viewed   49 times

I've set up a system to display everyone's name, email address and phone number from Active Directory; however, I can't get the 'thumbnailPhoto' to work.

I have searched around on the internet but haven't been able to find if this is possible or at the very least what format is returned from Active Directory.

I am currently using the adldap class so if it is possible to use this that would be ideal.

Thanks in advance.

Edit:

I can retrieve the data in the thumbnailPhoto attribute and if I dump them straight to the browser I get something like this:

ÿØÿàJFIFððÿá PExifII*bh~†(2Ži‡¢XCanonCanon EOS 5D Mark IIIðð2013:05:19 17:35:31š‚à‚è"ˆ'ˆ 0230ð’ ’ ’ (’0’8’ ’ ’@‘’11’’11 0100 ÿÿ¢H¢P¢¤¤¤¤ 2013:04:17 11:44:522013:04:17 11:44:52H¹o@B¬ † è»dnäWµ˜:̦®(¶’ HHÿØÿàJFIFÿÛC $.' ",#(7),01444'9=82<.342ÿÛC 2!!22222222222222222222222222222222222222222222222222ÿÀ–d"ÿÄ ÿĵ}!1AQa"q2‘¡#B±ÁRÑð$3br‚ %&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyzƒ„…†‡ˆ‰Š’“”•–—˜™š¢£¤¥¦§¨©ª²³´µ¶·¸¹ºÂÃÄÅÆÇÈÉÊÒÓÔÕÖ×ØÙÚáâãäåæçèéêñòóôõö÷øùúÿÄ ÿĵw!1AQaq"2B‘¡±Á #3RðbrÑ $4á%ñ&'()

That isn't all of it but it is a very long string, which I am presuming is some sort of binary string?

 Answers

72

This seems to be a JPEG-File, so you should be able to send that data together with the appropriate mime-type to the browser. It should be possible to output that image with something like:

<img src="data:image/jpeg;base64,<?php echo base64_encode($imageString); ?>"/>

But it might also be possible to save files of any image format into that thumbnailPhoto attribute. Therefore, I would put the content into a temporary file that will then be served directly from the server. You will need to pass the file through finfo to get the correct mime-type.

So you might do something like this:

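// Write the attribute value to a temporary file so finfo can inspect it
$tempFile = tempnam(sys_get_temp_dir(), 'image');
file_put_contents($tempFile, $imageString);
$finfo = new finfo(FILEINFO_MIME_TYPE);
$mime  = explode(';', $finfo->file($tempFile));
unlink($tempFile); // remove the temporary copy once the type is known
echo '<img src="data:' . $mime[0] . ';base64,' . base64_encode($imageString) . '"/>';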
Wednesday, March 31, 2021
 
msg
answered 8 Months ago
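
Added example (not part of the answer above or of adldap): one way to check that the thumbnailPhoto value really is an image of an expected type before building the data URI, sniffing the bytes in memory instead of through a temporary file. The function names, the MIME allowlist and the size cap are assumptions for illustration.

```php
<?php
// Added example: validate thumbnailPhoto bytes before embedding them in a page.
// PHOTO_ALLOWED_MIME, PHOTO_MAX_BYTES and both function names are hypothetical.
const PHOTO_ALLOWED_MIME = ['image/jpeg', 'image/png', 'image/gif'];
const PHOTO_MAX_BYTES = 102400; // assumed upper bound for a directory thumbnail

// Returns the detected MIME type if $bytes is an acceptable image, otherwise null.
function photo_mime(string $bytes): ?string
{
    if ($bytes === '' || strlen($bytes) > PHOTO_MAX_BYTES) {
        return null;
    }
    // Detect the type from the content itself; the attribute carries no type information.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes);
    if ($mime === false || !in_array($mime, PHOTO_ALLOWED_MIME, true)) {
        return null;
    }
    // Matching magic bytes are not enough: require that the image header parses.
    if (@getimagesizefromstring($bytes) === false) {
        return null;
    }
    return $mime;
}

// Builds the <img> tag, or returns '' so the caller can show a placeholder avatar.
function photo_img_tag(string $bytes, string $alt): string
{
    $mime = photo_mime($bytes);
    if ($mime === null) {
        return '';
    }
    return sprintf('<img src="data:%s;base64,%s" alt="%s"/>',
        $mime, base64_encode($bytes),
        htmlspecialchars($alt, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
}

// Constructed sample inputs: a 1x1 GIF and a text value stored where a photo is expected.
$gif  = base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7');
$fake = 'plain text, not an image';

var_dump(photo_mime($gif));
var_dump(photo_img_tag($fake, 'Example user'));
```

In the directory page, pass the raw attribute value and the display name to `photo_img_tag()` and fall back to a default avatar when it returns an empty string.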
90

Worked it out using an excellent function created by Sam J Levy.

Here's the final code that worked.

<?php

function explode_dn($dn, $with_attributes=0)
{
    $result = ldap_explode_dn($dn, $with_attributes);
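    // Decode \XX hex escapes in each DN component (the /e modifier no longer exists in PHP 7+)
    foreach($result as $key => $value) $result[$key] = preg_replace_callback('/\\\\([0-9A-Fa-f]{2})/', function ($m) { return chr(hexdec($m[1])); }, $value);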
    return $result;
}

function get_members($group,$user,$password) {
    $ldap_host = "LDAPSERVER";
    $ldap_dn = "OU=some_group,OU=some_group,DC=company,DC=com";
    $base_dn = "DC=company,DC=com";
    $ldap_usr_dom = "@company.com";
    $ldap = ldap_connect($ldap_host);

    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION,3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS,0);

    ldap_bind($ldap, $user . $ldap_usr_dom, $password);
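    // Escape the group name so special characters cannot change the search filter
    $results = ldap_search($ldap,$ldap_dn, "(cn=" . ldap_escape($group, '', LDAP_ESCAPE_FILTER) . ")");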
    $member_list = ldap_get_entries($ldap, $results);

    $dirty = 0;
    $group_member_details = array();

    foreach($member_list[0]['member'] as $member) {
        if($dirty == 0) {
            $dirty = 1;
        } else {
            $member_dn = explode_dn($member);
            $member_cn = str_replace("CN=","",$member_dn[0]);
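            // CNs may contain parentheses or asterisks; escape them for use in a filter
            $member_search = ldap_search($ldap, $base_dn, "(CN=" . ldap_escape($member_cn, '', LDAP_ESCAPE_FILTER) . ")");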
            $member_details = ldap_get_entries($ldap, $member_search);
            $group_member_details[] = array($member_details[0]['givenname'][0],$member_details[0]['sn'][0],$member_details[0]['telephonenumber'][0],$member_details[0]['othertelephone'][0]);
        }
    }
    ldap_close($ldap);
    return $group_member_details;
}

// Specify the group from where to get members and a username and password with rights to query it
$result = get_members("groupname","username","password");

// The following will create an XML file with the details from $group_member_details
$xml = simplexml_load_string("<?xml version='1.0'?>\n<AddressBook></AddressBook>");
$version = $xml->addChild('version', '1');

foreach($result as $e) {
    $contact = $xml->addChild('Contact');
    $contact->addChild('FirstName', $e[0]);
    $contact->addChild('LastName', $e[1]);
    $phone = $contact->addChild('Phone');
    if ($e[3] == '') {
        $phone->addChild('phonenumber', '0');
    } else {
        $phone->addChild('phonenumber', $e[3]);
    }
    $phone->addChild('accountindex', '0');
    $phone = $contact->addChild('Phone');
    if ($e[2] == '') {
        $phone->addChild('phonenumber', '0');
    } else {
        $phone->addChild('phonenumber', $e[2]);
    }
    $phone->addChild('accountindex', '1');
    $contact->addChild('Group', '0');
    $contact->addChild('PhotoUrl', 'empty');
}

$xml->asXML('phonebook.xml');

?>
Wednesday, March 31, 2021
 
Baba
answered 8 Months ago
55

Here's a script we have for dumping AD information, maybe it will help you:

<?php
$ldap_columns = NULL;
$ldap_connection = NULL;
$ldap_password = 'top_secret_password';
$ldap_username = 'top_secret_username@'.LDAP_DOMAIN;

//------------------------------------------------------------------------------
// Connect to the LDAP server.
//------------------------------------------------------------------------------
$ldap_connection = ldap_connect(LDAP_HOSTNAME);
if (FALSE === $ldap_connection){
    die("<p>Failed to connect to the LDAP server: ". LDAP_HOSTNAME ."</p>");
}

ldap_set_option($ldap_connection, LDAP_OPT_PROTOCOL_VERSION, 3) or die('Unable to set LDAP protocol version');
ldap_set_option($ldap_connection, LDAP_OPT_REFERRALS, 0); // We need this for doing an LDAP search.

if (TRUE !== ldap_bind($ldap_connection, $ldap_username, $ldap_password)){
    die('<p>Failed to bind to LDAP server.</p>');
}

//------------------------------------------------------------------------------
// Get a list of all Active Directory users.
//------------------------------------------------------------------------------
$ldap_base_dn = 'DC=xyz,DC=local';
$search_filter = "(&(objectCategory=person))";
$result = ldap_search($ldap_connection, $ldap_base_dn, $search_filter);
if (FALSE !== $result){
    $entries = ldap_get_entries($ldap_connection, $result);
    if ($entries['count'] > 0){
        $odd = 0;
        foreach ($entries[0] AS $key => $value){
            if (0 === $odd%2){
                $ldap_columns[] = $key;
            }
            $odd++;
        }
        echo '<table class="data">';
        echo '<tr>';
        $header_count = 0;
        foreach ($ldap_columns AS $col_name){
            if (0 === $header_count++){
                echo '<th class="ul">';
            }else if (count($ldap_columns) === $header_count){
                echo '<th class="ur">';
            }else{
                echo '<th class="u">';
            }
            echo htmlspecialchars($col_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') .'</th>';
        }
        echo '</tr>';
        for ($i = 0; $i < $entries['count']; $i++){
            echo '<tr>';
            $td_count = 0;
            foreach ($ldap_columns AS $col_name){
                if (0 === $td_count++){
                    echo '<td class="l">';
                }else{
                    echo '<td>';
                }
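                $output = '';
                if (isset($entries[$i][$col_name])){
                    if ('lastlogon' === $col_name || 'lastlogontimestamp' === $col_name){
                        $output = date('D M d, Y @ H:i:s', (int) ($entries[$i][$col_name][0] / 10000000) - 11676009600); // See note below
                    }else{
                        $output = $entries[$i][$col_name][0];
                    }
                }
                // Escape directory values before writing them into HTML, and close the cell even when the attribute is missing.
                echo htmlspecialchars($output, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') .'</td>';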
            }
            echo '</tr>';
        }
        echo '</table>';
    }
}
ldap_unbind($ldap_connection); // Clean up after ourselves.
?>

User inventor96 has suggested using 11644473600 instead of 11676009600. I can confirm 11644473600 is correct in a Linux environment - my guess is that inventor96 is in a Windows environment.

Wednesday, March 31, 2021
 
zhartaunik
answered 8 Months ago
45

Try this:

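// verify user and password
// (an empty password would be sent as an unauthenticated bind, which many servers accept)
if($password !== '' && ($bind = @ldap_bind($ldap, $user . $ldap_usr_dom, $password))) {
    // valid
    // check presence in groups; escape the user name so it cannot alter the filter
    $filter = "(sAMAccountName=" . ldap_escape($user, '', LDAP_ESCAPE_FILTER) . ")";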
    $attr = array("memberof","givenname");
    $result = ldap_search($ldap, $ldap_dn, $filter, $attr) or exit("Unable to search LDAP server");
    $entries = ldap_get_entries($ldap, $result);
    $givenname = $entries[0]['givenname'][0];
    ldap_unbind($ldap);

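    // check groups
    $access = 0; // default: no rights
    foreach($entries[0]['memberof'] as $grps) {
        // is manager, break loop (strpos() returns 0 for a match at the start, so compare with false)
        if (strpos($grps, $ldap_manager_group) !== false) { $access = 2; break; }

        // is user
        if (strpos($grps, $ldap_user_group) !== false) $access = 1;
    }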

    if ($access != 0) {
        // establish session variables
        $_SESSION['user'] = $user;
        $_SESSION['access'] = $access;
        $_SESSION['givenname'] = $givenname;
        return true;
    } else {
        // user has no rights
        return false;
    }

} else {
    // invalid name or password
    return false;
}
Wednesday, March 31, 2021
 
Niels
answered 8 Months ago
91

Ideally you'd just make that directory accessible, but if that's absolutely not possible then you can do this:

myimage.php

$file = 'privatedir/image.jpg';
$type = 'image/jpeg';
header('Content-Type:'.$type);
header('Content-Length: ' . filesize($file));
readfile($file);
exit();

Then use myimage.php as the img tag src.

Friday, May 28, 2021
 
TMichel
answered 5 Months ago