Communications Software
plexcel_status
plexcel_find_authorities_by_domain
plexcel_get_authority
plexcel_get_domain
plexcel_log
plexcel_preamble
plexcel_authenticate
plexcel_sso
plexcel_logon
plexcel_logoff
plexcel_accept_token
plexcel_is_member_of
plexcel_set_password
plexcel_change_password
plexcel_gen_service_keytab
plexcel_search_objects
plexcel_get_account
plexcel_add_object
plexcel_modify_object
plexcel_delete_object
plexcel_rename_object
plexcel_set_attrdefs
plexcel_get_attrdefs
plexcel_set_conv_attrdefs
plexcel_get_account |
Printer Friendly Format |
Synopsis
array plexcel_get_account(resource $px, string $name, array $attrs)
Description
The plexcel_get_account function accepts a wide variety of account name forms and returns an array of attributes representing the named account.
The $name parameter may be NULL , a CN, a traditional SAM account name, a SAM account name with a NetBIOS domain name prefix, a user principal name or a full DN.
If the $name parameter is NULL , the account of the current user will be retrieved. The current user is the authenticated user or, if no authentication has successfully occurred, the HTTP service account.
Note: It is recommended that a qualified name form be used. Specifying only a CN or a SAM account name without a domain may not uniquely address the object.
The $attrs parameter may be NULL , the constant PLEXCEL_SUPPLIMENTAL or an array of attribute names that should be retrieved. If $attrs is NULL , all attributes of the account will be retrieved.
The PLEXCEL_SUPPLEMENTAL Constant
If the $attrs parameter is the special constant PLEXCEL_SUPPLEMENTAL only the following attributes will be retrieved:
userPrincipalName objectSid sAMAccountName displayName homeDirectory homeDriveThe “supplemental” attributes retrieved with the PLEXCEL_SUPPLEMENTAL constant
Calling plexcel_get_account with PLEXCEL_SUPPLEMENTAL is usually very fast 4 and should be favored when only the above attributes are required (e.g. only the displayName is needed).
Note: Currently attribute definitions set with the plexcel_set_attrdefs function have no effect on account data retrieved with the PLEXCEL_SUPPLEMENTAL flag.
Returns
The plexcel_get_account function returns an array of attributes representing the desired account or FALSE to indicate that an error has occurred in which case plexcel_status should be consulted.
Example
The following are examples are all equivalent (assuming the CN and sAMAccountName are unique).
// Get account by CN $acct = plexcel_get_account($px, 'Hans Müller', NULL); // or by sAMAccountName $acct = plexcel_get_account($px, 'hmuller', NULL); // or by NetBIOSName\sAMAccountName $acct = plexcel_get_account($px, 'EXAMPLE\hmuller', NULL); // or by userPrincipalName (except for groups) $acct = plexcel_get_account($px, 'hmuller@example.com', NULL); // or by distinguishedName $acct = plexcel_get_account($px, 'CN=Hans Müller,CN=Users,DC=example,DC=com', NULL);Account name forms used with plexcel_get_account (again).
The following PHP fragment illustrates how to retrieve the account information encoded in the Kerberos ticket of the authenticated user.
...
if (plexcel_sso($px) == FALSE) {
die('<pre>' . plexcel_status($px) . '</pre>');
} else {
$acct = plexcel_get_account($px, NULL, PLEXCEL_SUPPLEMENTAL);
if (is_array($acct) == FALSE)
die('<pre>' . plexcel_status($px) . '</pre>');
} else {
echo '<pre>';
print_r($acct);
echo '</pre>';
...
A plexcel_get_account example that uses PLEXCEL_SUPPLEMENTAL
See also
plexcel_search_objects
4 If the $name parameter is NULL and the user has been authenticated using Kerberos, no communication with the directory is necessary. The PLEXCEL_SUPPLIMENTAL attributes are retrieved directly from the PAC of the Kerberos ticket supplied by the client during authentication.