go to bug id or search bugs for
A search with ldap_search() and then getting the entries with ldap_get_entries() returns different search results on OpenLDAP and ActiveDirectory.
Example DN of a search result entry: cn=foo\, bar,dc=test
Active Directory: cn=foo\, bar,dc=test
OpenLDAP: cn=foo\5C\2C bar,dc=test
So for OpenLDAP special chars in the DN are escaped and for Active Directory they are not.
The returned DNs should be the same for all LDAP servers.
Add a Patch
Add a Pull Request
I was hoping to test this but fell short, I found the OpenLDAP project host a public LDAP server (http://www.openldap.org/faq/data/cache/1360.html) with the clause, "This service is often unavailable for one reason or another." which I found to be the case.
Is anyone aware of alternative public LDAP servers to test against?
Failing that I'll set up instances locally.
This issue targets an unsupported version of PHP. Is this still a reproducible issue? And if so, what version of OpenLDAP and ActiveDirectory are involved in the test?
Thanks for your feedback!
Verified with PHP 7.0.12 against Windows 2012 and OpenLDAP 2.4.40
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Re-Opened". Thank you.
I verified with PHP 7.0.12 against Windows 2012 and OpenLDAP 2.4.40
The DN should contain EITHER '\,' OR '\2C' but NOT '\5C\2C'. IMO that means that the value in the CN-Attribute already contains '\,' and not a simple ','. Can you please check that?
Additionally I checked that against a third LDAP-Server:
$ldap = ldap_connect('ldap://pksldap.tttc.de');
$result = ldap_search($ldap, 'c=DE', 'sn=Jahneke');
$res = ldap_get_entries($ldap, $result);
//string(101) "cn=Jahneke\2C Ralf- ChristophSER:799945522,ou=T-TeleSec SigG Test CA 15:PN,o=Deutsche Telekom AG,c=de"
string(37) "Jahneke, Ralf- ChristophSER:799945522"
Could you run that agains your OpenLDAP and ActiveDirectory (with appropriately adapted search-filter)? Thanks!
True, on PHP 7 it is "ou=foo\2C bar,ou=test,o=test,c=de" for OpenLDAP.
This is still an issue. In addition, using the "cn=foo\, bar,dc=test" that comes back in Active Directory case does not work for ldap_read(). Active Directory expects the comma to be escaped as "\2C".
I use ADSI Edit and ldapsearch to access AD and LDS.
cn = sn, givenname
dn = CN=sn\, givenname,OU=..,DC=..