Bug #30670 ldap_search does not work on Windows 2003 directories (but other tools do)
Submitted: 2004-11-03 09:03 UTC Modified: 2005-02-24 10:52 UTC
Votes:6
Avg. Score:4.8 ± 0.4
Reproduced:6 of 6 (100.0%)
Same Version:1 (16.7%)
Same OS:2 (33.3%)
From: michael dot siebke at keymile dot com Assigned:
Status: Closed Package: LDAP related
PHP Version: 5.0.1 OS: Linux (Redhat 8)
Private report: No CVE-ID:
 [2004-11-03 09:03 UTC] michael dot siebke at keymile dot com
Description:
------------
It's not possible to search a Windows 2003 active directory using the LDAP interface (Windows 2000 works fine). However, using other tools (like LDAP browsers), searching the Windows 2003 directory works. The problem occurs only using the PHP library.

Reproduce code:
---------------
$connect  =  ldap_connect("[i]server.domain.de[/i]");

  if ($connect != FALSE) {

    $res   = ldap_bind($connect, "[i]username[/i]", "[i]password[/i]");

    if ($res == FALSE) {
      echo "Unable to bind to LDAP server<br>";
      exit;
    }

    $attributes = array("sAMAccountName", "dn", "mail");
    $data = ldap_search($connect, "[i]DC=company,DC=de[/i]", "(sAMAccountName=[i]targetaccount[/i])");

    if ($data != FALSE) {
       echo "Reading data...<br>";
       $data  = ldap_get_entries($connect, $data);
    } else {
       echo "Nothing :-(<br>";
    }
      
    ldap_close($connect);
  }

Expected result:
----------------
"Reading data..."

Actual result:
--------------
Warning: ldap_search() [function.ldap-search]: Search: Operations error in /data/htdocs/hd5dev/Test.php on line 57
Nothing :-(

 [2005-01-13 00:12 UTC] p dot boven at chello dot nl
Hi,

This is not a PHP bug imho: the problem is that Windows 2003 -must- have some options set between the ldap_connect and ldap_bind:

$ldap = ldap_connect($ldap_url);
...
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION,3);
ldap_set_option($ldap, LDAP_OPT_REFERRALS,0);
...
ldap_bind($ldap, $ldap_user, $ldap_passwd);

Works fine for me with PHP 4.3.x, Solaris 9 (Sparc), ADS W2k3.

Regards, Paul Boven.
 [2005-01-28 12:51 UTC] peter dot burden at gmail dot com
PHP 4.3.10 + Apache 2.0.45 + Solaris 2.7 + Openldap 2.1.30

No problems using LDAP this way via a WWW server launched
script but the extra option settings described by Paul
Boven were necessary when using PHP CLI.
 [2005-01-28 16:11 UTC] michael dot siebke at keymile dot com
Ok, thanks for the feedback. I will try it that way.
 [2005-02-03 22:03 UTC] peter dot burden at gmail dot com
Been investigating further using underlying openldap
library C functions. It seems that ldap_search_s() -
which means synchronous, i.e. it doesn't return until
it's got a result - is actually behaving asynchronously
- i.e. returning immediately and requiring the user
to do a separate library call to get the results. In C
you can avoid problems by calling ldap_search() followed
by a call to ldap_result(), unfortunately PHP doesn't
provide this option.

A Google search for the associated error message
'LdapErr: DSID-0C0905FF' reveals many other software
developer forums with the same problem (in Java,
Python among others).

Hope this is useful to somebody.
 [2005-02-24 10:52 UTC] michael dot siebke at keymile dot com
Tested with the options mentioned here and works fine. This report can be closed.
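
The fix confirmed in this thread, written out as an added example (not code from the report, its commenters or PHP itself): the two options are set between ldap_connect() and ldap_bind(), and every failure reports the server's diagnostic string, which is where text such as 'LdapErr: DSID-...' appears. It goes slightly beyond the thread by escaping the filter value and refusing an empty bind password. The function names ad_find_account and ldap_failure and all connection values are hypothetical, and it assumes PHP 7 or later with the ldap extension.

```php
<?php
// Added example. Function names and connection values are hypothetical placeholders.

// Build an exception that carries the server's diagnostic text ("LdapErr: DSID-...").
function ldap_failure($ldap, string $what): RuntimeException
{
    $diag = '';
    ldap_get_option($ldap, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);
    return new RuntimeException(sprintf('%s: %s (errno %d) %s',
        $what, ldap_error($ldap), ldap_errno($ldap), (string) $diag));
}

function ad_find_account(string $uri, string $bindDn, string $password,
                         string $baseDn, string $account): array
{
    // A simple bind with an empty password is an unauthenticated bind (RFC 4513).
    if ($password === '') {
        throw new InvalidArgumentException('Refusing to bind with an empty password');
    }
    $ldap = ldap_connect($uri);
    if ($ldap === false) {
        throw new RuntimeException("Could not initialise LDAP for $uri");
    }
    try {
        // Set between ldap_connect() and ldap_bind(), as described in the thread.
        if (!ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3)
            || !ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0)) {
            throw ldap_failure($ldap, 'ldap_set_option');
        }
        if (!@ldap_bind($ldap, $bindDn, $password)) {
            throw ldap_failure($ldap, 'ldap_bind');
        }
        // Escape the account name so it cannot change the filter's structure,
        // and request only the attributes that are needed.
        $filter = '(sAMAccountName=' . ldap_escape($account, '', LDAP_ESCAPE_FILTER) . ')';
        $result = @ldap_search($ldap, $baseDn, $filter, ['sAMAccountName', 'mail']);
        if ($result === false) {
            throw ldap_failure($ldap, 'ldap_search');
        }
        $entries = ldap_get_entries($ldap, $result);
        if ($entries === false) {
            throw ldap_failure($ldap, 'ldap_get_entries');
        }
        return $entries; // ['count' => n, 0 => [...], ...]; each entry includes its 'dn'
    } finally {
        ldap_unbind($ldap);
    }
}
```

Call it as ad_find_account('ldap://server.domain.de', 'username', 'password', 'DC=company,DC=de', 'targetaccount') with the placeholders from the report replaced by real values.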
 
Last updated: Fri Apr 18 20:01:57 2014 UTC