|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #64392 ldap_search() fails on base64-encoded entries
Submitted: 2013-03-08 15:53 UTC Modified: 2013-10-15 11:54 UTC
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: russ at bluecows dot com Assigned:
Status: No Feedback Package: LDAP related
PHP Version: Irrelevant OS: Linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Bug Type:
From: russ at bluecows dot com
New email:
PHP Version: OS:


 [2013-03-08 15:53 UTC] russ at bluecows dot com
When using the ldap_search() function to query data from an LDAP database, it would appear that base64-encoded attributes are not decoded before running the search pattern against them.

Based on the code snippets below, if the first search is run, no results are returned, even if a DN in the search tree has a postalAddress attribute which matches the given search string.  If the second search is run, results are returned, indicating the search can check to see if the attribute exists at all, but the text-based search string is being checked against a base64-encoded attribute.

It would appear that ldap_get_entries() decodes base64-encoded attributes, because the output of $entries, when it is not NULL, will show postalAddress as text.  In order for ldap_search() to work properly, it should decode base64-encoded attributes before attempting to run the search against them.

Test script:
Failed test:

$search = ldap_search( $ldapHandle, $ldapBaseDn, "(postaladdress=*165 Main*)" );
$entries = ldap_get_entries( $ldapHandle, $search );

Successful test:

$search = ldap_search( $ldapHandle, $ldapBaseDn, "(postaladdress=*)" );
$entries = ldap_get_entries( $ldapHandle, $search );

Expected result:
In the failed test example, I would expect $entries to contain a list of LDAP DNs and associated attributes where the postalAddress attribute matches the search parameter.  Currently, it does not.  Searches against non-base64-encoded attributes such as mail or telephoneNumber work as expected.

Actual result:
When the failed test example is run, $entries is empty because no matches are returned from the ldap_search().


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2013-09-30 09:49 UTC]
-Status: Open +Status: Feedback
 [2013-09-30 09:49 UTC]
Not enough information was provided for us to be able
to handle this bug. Please re-read the instructions at

If you can provide more information, feel free to add it
to this bug and change the status back to "Open".

Thank you for your interest in PHP.

 [2013-10-15 11:54 UTC] php-bugs at lists dot php dot net
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Mon Dec 04 09:01:26 2023 UTC