|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #30670 ldap_search does not work on Windows 2003 directories (but other tools do)
Submitted: 2004-11-03 09:03 UTC Modified: 2005-02-24 10:52 UTC
Avg. Score:4.8 ± 0.4
Reproduced:6 of 6 (100.0%)
Same Version:1 (16.7%)
Same OS:2 (33.3%)
From: michael dot siebke at keymile dot com Assigned:
Status: Closed Package: LDAP related
PHP Version: 5.0.1 OS: Linux (Redhat 8)
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: michael dot siebke at keymile dot com
New email:
PHP Version: OS:


 [2004-11-03 09:03 UTC] michael dot siebke at keymile dot com
It's not possible to search a Windows 2003 active directory using the LDAP interface (Windows 2000 works fine). However, using other tools (like LDAP browers), searching the Windows 2003 directory works. The problems occurs only using the PHP library.

Reproduce code:
$connect  =  ldap_connect("[i][/i]");

  if ($connect != FALSE) {

    $res   = ldap_bind($connect, "[i]username[/i]", "[i]password[/i]");

    if ($res == FALSE) {
      echo "Unable to bind to LDAP server<br>";

    $attributes = array("sAMAccountName", "dn", "mail");
    $data = ldap_search($connect, "[i]DC=company,DC=de[/i]", "(sAMAccountName=[i]targetaccount[/i])");

    if ($data != FALSE) {
       echo "Reading data...<br>";
       $data  = ldap_get_entries($connect, $data);
    } else {
       echo "Nothing :-(<br>";

Expected result:
"Reading data..."

Actual result:
Warning: ldap_search() [function.ldap-search]: Search: Operations error in /data/htdocs/hd5dev/Test.php on line 57
Nothing :-(


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2005-01-13 00:12 UTC] p dot boven at chello dot nl

This is not a PHP bug imho: the problem is that Windows 2003 -must- have some options set between the ldap_connect and ldap_bind:

$ldap = ldap_connect($ldap_url);
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION,3);
ldap_set_option($ldap, LDAP_OPT_REFERRALS,0);
ldap_bind($ldap, $ldap_user, $ldap_passwd)

Works fine for me with PHP 4.3.x, Solaris 9 (Sparc), ADS W2k3.

Regards, Paul Boven.
 [2005-01-28 12:51 UTC] peter dot burden at gmail dot com
PHP 4.3.10 + Apache 2.0.45 + Solaris 2.7 + Openldap 2.1.30

No problems using LDAP this way via a WWW server launched
script but the extra option settings described by Paul
Boven were necessary when using PHP CLI.
 [2005-01-28 16:11 UTC] michael dot siebke at keymile dot com
Ok, thanks for the feedback. I will try it that way.
 [2005-02-03 22:03 UTC] peter dot burden at gmail dot com
Been investigating further using underlying openldap 
library C functions. It seems that ldap_search_s() - 
which means synchronous, i.e. it doesn't return until 
it's got a result - is actually behaving asynchronously
 - i.e. returning immediately and requiring the user 
to do a separate library call to get the results. In C 
you can avoid problems by calling ldap_search() followed 
by a call to ldap_result(), unfortunately PHP doesn't
provide this option.

A Google search for the associated error message
'LdapErr: DSID-0C0905FF' reveals many other software developer forums with the same problem (in Java, 
Python among others).

Hope this is useful to somebody.
 [2005-02-24 10:52 UTC] michael dot siebke at keymile dot com
Tested with the options mentioned here and works fine. This report can be closed.
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Sat Sep 30 04:01:25 2023 UTC