I am not familiar with PHP's implementation of accessing LDAP/Active
Directory so I can't help you there. What I can help you with is perhaps
understanding where to get information from your domain structure in order
to coherently assemble all those CNs, OUs, DN things.
Log into the console of one of your domain controllers and open the
"Active Directory Users and Computers" administrator tool.
In the left window pane at the top will be the name of your domain, eg:
Take note of your domain name.
Now you need to find the location of the ECSDocket_Admin,
ECSDocket_User, and ECSDocket_Viewer group objects within your domain.
Click on the +(plus) sign next to your domain name (if it isn't
already). You should see a bunch of folders (actually OUs and Directories
but I'll keep it simple). The groups you are looking for will be located
inside one of these 'folders', most likely inside the one called 'users' so
start looking there.
Take note of the "path" to where you found the group, starting from the
top 'somedomain.com' and working down through the folders. eg:
To query a group object you will need to know its distinguished name
(DN). Using the info you collected about your domain name and the location
you can assemble the DN for
each of your groups like so:
Note: I am using an example path to a group of:
DN value is:
--Notice that we are starting with the object name 'ECSDocket_Admin' and
working our way UP the tree (reverse order when looking at the path I had
you write down)!
--Notice that just the group name is prefixed with CN=
--Notice that all the 'folder' names are prefixed with OU=
--Notice that we split our domain name at the dot delimiter and prefixed
each of those parts with a DC=
--Notice that everything in the DN value is delimited with a
Values for other items you will probably need are:
The 'search base' or the point within the directory to start your
search, using a domain name of somedomain.com as an example, will be:
The search scope will be: sub, which simply says it is
OK to look in all those 'folders' underneath the starting point too.
Once you figure out how to query a group object, the attribute value you
are specifically interested in is called 'member'. This attribute contains
multiple values, one for each user that is a member of the group. These
values will be the DN of the user account. The part you will be interested
in will be the CN=SOMEUSER portion at the beginning, as this is the user's
account name. The rest is the 'path' to where this account object is
stored in the domain structure.
Hope it helps.
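The DN assembly and 'member' parsing described above, as an added Python example that is not part of the original answer. It escapes each name so a group or folder name containing a comma or equals sign cannot change the DN's structure. Assumptions: the folder names `Applications` and `Groups` are constructed sample values, and the default containers directly under the domain (Users, Computers, Builtin) are treated as CN= rather than OU=.

```python
import re

# RFC 4514 characters that must be backslash-escaped inside an RDN value.
_SPECIAL = set(',+"\\<>;=')
# Assumption: AD's default top-level containers are CN= objects, not OUs.
_DEFAULT_CONTAINERS = {"users", "computers", "builtin"}


def escape_rdn_value(value: str) -> str:
    """Escape one name so it cannot add or alter components of the DN."""
    last = len(value) - 1
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _SPECIAL or (ch == "#" and i == 0) or (ch == " " and i in (0, last)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def search_base(domain: str) -> str:
    """somedomain.com -> DC=somedomain,DC=com"""
    return ",".join("DC=" + escape_rdn_value(p) for p in domain.split("."))


def build_dn(domain: str, folders: list[str], name: str) -> str:
    """folders is the top-down path noted in the console; a DN runs bottom-up."""
    rdns = ["CN=" + escape_rdn_value(name)]
    for depth, folder in reversed(list(enumerate(folders))):
        top_default = depth == 0 and folder.lower() in _DEFAULT_CONTAINERS
        rdns.append(("CN=" if top_default else "OU=") + escape_rdn_value(folder))
    return ",".join(rdns + [search_base(domain)])


def first_rdn_value(member_dn: str) -> str:
    """Return the unescaped leading value (e.g. the CN) of a 'member' DN.

    Hex escapes are decoded one byte at a time (ASCII only). The CN is the
    object's name and can differ from the logon name (sAMAccountName).
    """
    m = re.match(r"[A-Za-z]+=((?:\\.|[^,\\])*)", member_dn)
    if not m:
        raise ValueError("not a distinguished name: %r" % member_dn)
    unescape = lambda h: chr(int(h.group(1), 16)) if len(h.group(1)) == 2 else h.group(1)
    return re.sub(r"\\([0-9A-Fa-f]{2}|.)", unescape, m.group(1))
```
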