php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #52266 ldap_search Operations error for SizeLimit > $results['count']
Submitted: 2010-07-06 17:51 UTC Modified: 2010-07-08 12:29 UTC
From: ceo at l-i-e dot com Assigned:
Status: Not a bug Package: LDAP related
PHP Version: 5.3.2 OS: Mac OS X
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: ceo at l-i-e dot com
New email:
PHP Version: OS:

 

 [2010-07-06 17:51 UTC] ceo at l-i-e dot com 
Description:
------------
NOTE:
***
It's actually PHP 5.3.1, from mac ports. Sorry.
But I don't find anything related in bug searching, nor in the ChangeLog for 5.3.2, so pretty sure it's still active bug.
***

Attempting to work with Active Directory via OpenLDAP/PHP.

Search for '(cn=*)' works fine.
Search for '(cn=*ynch)' fails with ldap_search: Search: Operations error

Further analysis reveals that providing the fourth parameter, SizeLimit, which is equal to or less than the number of results, works fine.  Larger numbers fail, in the same way as no limit.

Of course, one doesn't generally know how many results are in there, so this is not really a good work-around...

I believe the AD server is 2003 version, but it could be newer.

The AD server is reputed to have 50,000 entries in it, which may be relevant.


Test script:
---------------
http://6112northwolcott.com/ldap/ldap.phps

Expected result:
----------------
I expect it to give me 16 results, no matter what number I put for the fourth parameter, or for none at all.


Actual result:
--------------
http://6112northwolcott.com/ldap/ldap.txt

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-07-06 17:52 UTC] ceo at l-i-e dot com 
PS
The same searches work fine from ldapsearch command line tool provided by OpenLDAP.
Thus, logically, the error must reside in PHP's extension...
 [2010-07-06 18:57 UTC] ceo at l-i-e dot com 
The AD version has been confirmed to be 2003.
 [2010-07-08 10:19 UTC] grantc@php.net 
According to the contributed notes in http://www.php.net/manual/en/function.ldap-
search.php, LDAP_OPT_REFERRALS should be set to 0 and not 2 as you have in your test case. When set to 0 I don't see the "Operations Error" message. I also 
have it set this way to enable search in AD for a rudimentary phonebook.
 [2010-07-08 12:26 UTC] patrickallaert@php.net
-Status: Open +Status: Bogus
 [2010-07-08 12:26 UTC] patrickallaert@php.net 
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

Use ldap_set_option($ldapConn, LDAP_OPT_REFERRALS, 0); when connecting to AD server 2003 and searching in the whole AD schema.
By the way, '2' is not a valid value for LDAP_OPT_REFERRALS which expect a value of 0 or 1.
 [2010-07-08 12:29 UTC] patrickallaert@php.net 
Use ldap_set_option($ldapConn, LDAP_OPT_REFERRALS, 0); when connecting to AD server 2003 and searching in the whole AD schema.
By the way, '2' is not a valid value for LDAP_OPT_REFERRALS which expect a value of 0 or 1.
 [2010-07-12 20:15 UTC] ceo at l-i-e dot com 
A User Contributed note suggested using 2, and I was foolish enough to try it.
Other errors later corrected masked the issue at hand, and I thought it was still broken with 0 for AD 2003.
I apologize for the noise.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri May 03 20:01:31 2024 UTC