Request #31703 ldap_search against 3rd level sub-domains not returning results
Submitted: 2005-01-26 15:47 UTC Modified: 2007-10-06 02:22 UTC
From: merrittd at dhcmc dot com Assigned:
Status: Not a bug Package: Feature/Change Request
PHP Version: 5.0.3 OS: Windows 2000SP4
Private report: No CVE-ID: None
 [2005-01-26 15:47 UTC] merrittd at dhcmc dot com
Description:
------------
I'm not sure if this is a PHP bug, an OpenLDAP issue, or my lack of LDAP knowledge.

Trying to use ldap_search against a Windows 2000 Active Directory server.  I can get partial information I need against the CN records in the top DC but am unable to get any record information from a sub DC.  The directory structure is like so:

|--DC=com
  |--DC=dhwin2knet
    |--OU=DHCMC
    |  |--OU=Regular Users
    |    |--CN=User 100
    |    |--CN=User 101
    |    |--etc
    |
    |--DC=dhsp
      |--OU=DHSP
        |--CN=User 900
        |--CN=User 901
        |--etc


Using the following code to search for records:

// ldap auth info
$ldap = "my_ldap_server.dhwin2knet.com";
$auth_user = "dhwin2knet\\some_userid";
$auth_pass = 'foobar';
$base_dn = "dc=dhwin2knet,dc=com";
$filter = "(&(objectClass=user)(objectCategory=person)(samaccountname=*))";

// connect to server and set options
$connect = ldap_connect($ldap);
ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($connect, LDAP_OPT_REFERRALS, 0);

// bind to server
$bind = ldap_bind($connect, $auth_user, $auth_pass);

// search directory
if (!($search=@ldap_search($connect, $base_dn, $filter))) {
     die("Unable to search ldap server");
}

// get the number of entries found
$number_returned = ldap_count_entries($connect,$search);
echo "The number of entries returned is " . $number_returned;


Using the above code I can return ~500 user records but this is giving me only the users in the OUs directly below DC=dhwin2knet,DC=com and none of the ~250 records in the sub-domain, DC=dhsp,DC=dhwin2knet,DC=com i.e.

Found: CN=User 100,OU=Regular Users,OU=DHCMC,DC=dhwin2knet,DC=com

Not found: CN=User 900,OU=DHSP,DC=dhsp,DC=dhwin2knet,DC=com


I've tried changing the user id that is connecting to the LDAP to be a user in the dhsp sub-domain, changing the base dn to "dc=dhsp,dc=dhwin2knet,dc=com", using different filters etc but no matter what I'm trying I am unable to get any records returned from DC=dhsp,DC=dhwin2knet,DC=com.  I have used the Softerra LDAP Browser to browse and verify my base dn and filter.  Using the dn and filter from the code above in LDAP Browser I am getting the ~750 entries that I am expecting to see.

The following info on the ldap module is returned by php_info():

LDAP Support 	enabled
RCS Version 	$Id: ldap.c,v 1.154 2004/06/28 22:31:28 iliaa Exp $
Total Links 	0/unlimited
API Version 	2004
Vendor Name 	OpenLDAP
Vendor Version 	0


Reproduce code:
---------------
<?php
// ldap auth info
$ldap = "fffhp020.dhwin2knet.com";
$auth_user = "dhwin2knet\\ideasadm";
$auth_pass = 'sdrcpass';
$base_dn = "dc=dhwin2knet,dc=com";
$filter = "(&(objectClass=user)(objectCategory=person)(samaccountname=*))";
// connect to server and set options
$connect = ldap_connect($ldap);
ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($connect, LDAP_OPT_REFERRALS, 0);
// bind to server
$bind = ldap_bind($connect, $auth_user, $auth_pass);
// search directory
if (!($search=@ldap_search($connect, $base_dn, $filter))) {
     die("Unable to search ldap server");
}
$number_returned = ldap_count_entries($connect,$search);
echo "The number of entries returned is " . $number_returned;
?>

Expected result:
----------------
Would expect to see ~750 user records returned from the following OUs:

OU=DHCMC,DC=dhwin2knet,DC=com - ~500 records
OU=DHSP,DC=dhsp,DC=dhwin2knet,DC=com - ~250 records


Actual result:
--------------
Only getting ~500 users returned from OU=DHCMC,DC=dhwin2knet,DC=com with none of the ~250 records being returned from OU=DHSP,DC=dhsp,DC=dhwin2knet,DC=com
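
A diagnostic sketch for the report above, added here and not part of the original report or of PHP's own code: with LDAP_OPT_REFERRALS set to 0 as in the report, it lists any search references the server returns alongside the entries, which ldap_count_entries() does not count. That the sub-domain users come back as references is an assumption the thread does not confirm; the URI and the LDAP_URI, LDAP_BIND_DN and LDAP_BIND_PW environment variables are placeholders.

```php
<?php
// Added diagnostic sketch. Connection details are placeholders taken from
// the environment so that no credentials live in the script.
$uri     = getenv('LDAP_URI') ?: 'ldap://dc.example.com';
$bind_dn = getenv('LDAP_BIND_DN');
$bind_pw = getenv('LDAP_BIND_PW');
if ($bind_dn === false || $bind_pw === false || $bind_pw === '') {
    exit("Set LDAP_BIND_DN and LDAP_BIND_PW first\n");
}

// Base DN and filter as given in the report.
$base_dn = 'dc=dhwin2knet,dc=com';
$filter  = '(&(objectClass=user)(objectCategory=person)(samaccountname=*))';

$conn = ldap_connect($uri);
if ($conn === false) {
    exit("Invalid LDAP URI\n");
}
ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
// Same setting as the report: referrals are not followed automatically.
ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

if (!ldap_bind($conn, $bind_dn, $bind_pw)) {
    exit('Bind failed: ' . ldap_error($conn) . "\n");
}

// No @ operator here, so warnings such as a size limit being hit stay visible.
$search = ldap_search($conn, $base_dn, $filter, ['samaccountname']);
if ($search === false) {
    exit('Search failed: ' . ldap_error($conn) . "\n");
}
echo 'Entries: ' . ldap_count_entries($conn, $search) . "\n";

// Walk the search references: each one is a set of LDAP URLs naming another
// server or naming context that the client was told to query itself.
$count = 0;
$ref = ldap_first_reference($conn, $search);
while ($ref !== false) {
    $urls = [];
    if (ldap_parse_reference($conn, $ref, $urls)) {
        foreach ($urls as $url) {
            echo "Reference: $url\n";
            $count++;
        }
    }
    $ref = ldap_next_reference($conn, $ref);
}
echo "References: $count\n";
ldap_unbind($conn);
```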

 [2005-02-05 17:21 UTC] sniper@php.net
Find out first if it's openldap issue or your knowledge by asking the mailing lists. Don't try forcing _US_ to test it.

 [2005-02-07 16:26 UTC] merrittd at dhcmc dot com
I wasn't forcing _YOU_ to test my code!  I have the code I need working with a work around for what is definitely an issue with _YOUR_ ldap_search being unable to retrieve/search a third level DC record.  All I was simply trying to do was be of help and alert you to an issue with ldap_search.  I sure as hell don't need surly responses back from this system for trying to be of some help back to the PHP community.

Using other pieces of software i.e. Softerra LDAP browser, to verify the LDAP structure, I can successfully retrieve the CN records from a third level DC.  Plug the same structure into the PHP code and using ldap_search no records are returned.  Back up one level in the structure to a second level DC and ldap_search will return records all day long.  Do _YOU_ want to call this an issue with ldap_search or not?  I really don't give a flying f*ck 'cause I have what I need working.  Thank you very much.

 [2007-10-06 02:21 UTC] jani@php.net
Thanks for the constructive feedback.
 