ID:               41953
 Updated by:       [EMAIL PROTECTED]
 Reported By:      ahoyt at kpcommunications dot com
-Status:           Open
+Status:           Bogus
 Bug Type:         LDAP related
 Operating System: Mac OS X, Windows 2003 Server
 PHP Version:      5.2.3
 New Comment:

Whatever is passed as DN is passed directly to the underlying LDAP
library's function. In other words: it's not a PHP bug.


Previous Comments:
------------------------------------------------------------------------

[2007-07-10 19:27:30] ahoyt at kpcommunications dot com

Description:
------------
ldap_add fails when creating a new user in Active Directory with the
following circumstances:
1.  The DN contains a comma such as: "CN=Last, First,CN=Users,DC=example,DC=com"
2.  This bug is reproducible on Mac OS X and Windows 2003 Server (have
not tried other OS's).
3.  Unknown whether the problem is with the php_ldap module or with the
Zend engine.

Sourcecode for AD user creation from http://adldap.sourceforge.net.  
Class modified to make entry as straightforward as possible.  See 
example.php user_create() and change the dn in adLDAP.php to a preset 
string.

Reproduce code:
---------------
<?php
// ldap connect -> $_conn (returns a valid link resource); host is a placeholder
$_conn = ldap_connect("ldaps://ldap.example.com");
ldap_set_option($_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($_conn, LDAP_OPT_REFERRALS, 0);
// ldaps bind (ldap binds with ssl); bind DN and password are placeholders
ldap_bind($_conn, "CN=Administrator,CN=Users,DC=example,DC=com", "password");
// escape twice in the PHP string literal to get a single backslash in the DN
$dn = "CN=Last\\, First,CN=Users,DC=example,DC=com";

echo $dn;
echo "<br>";
$attributes["samaccountname"][0] = "flast";
$attributes["anyattribute"][0] = "anything";
ldap_add($_conn, $dn, $attributes);
// Error

Expected result:
----------------
ldap_add returns true, new user created at CN=Last\, First,CN=Users,DC=example,DC=com


Note: This happens with Active Directory on Windows 2003 Server, as well
as many open directory implementations.  The comma character is not
defined in RFC 2255, PHP or SSL does not deal with it correctly.

php class located at:
http://adldap.sourceforge.net

Actual result:
--------------
Program returns the following:
----------------------------------------------------------------------

CN=Last\, First,CN=Users,DC=example,DC=com
Warning: ldap_add() [function.ldap-add]: Add: Invalid DN syntax in /PHP/classes/class.adLDAP.php on line 689

----------------------------------------------------------------------
Notes:
The dn syntax is completely valid, no reason why this should not work.
Line 689 is not the actual location of ldap_add in the original adldap
class (http://adldap.sourceforge.net), but it is near that line.  In the
class, it is preceded by an @.  I removed the @ to see the error messages.

Notes: the phpLDAPadmin project has a similar problem, but when
exporting to LDIF format, the DN comes out like this:
CN=Last\2C First,CN=Users,DC=example,DC=com
under an Open Directory Server.


Other notes:
This bug also seems to appear in the PEAR package for LDAP.  I have 
tried DN entries with commas ",", backslash commas, "\,", etc. and 
none of it works.


------------------------------------------------------------------------
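Since ldap_add() hands the DN string to libldap unchanged, escaping each RDN value is the caller's job; the function below, added here as an example and not part of the bug report or the adLDAP class, applies the RFC 4514 escaping rules (backslash before `,` `+` `"` `\` `<` `>` `;`, hex pairs for control and non-ASCII bytes, and a leading `#`/space or trailing space) and so produces exactly the `CN=Last\, First,...` form the reporter typed by hand, while also keeping a user-supplied name from altering the DN's structure. The `\2C` form phpLDAPadmin emits is the hex spelling of the same escape; the base DN and the sample names are constructed for illustration.

```php
<?php
// Added example (not from the bug report or adLDAP): escape one RDN attribute
// value per RFC 4514 so a comma in "Last, First" is data, not a DN separator.
// PHP 5.2 (this report's version) has no ldap_escape(); on PHP >= 5.6,
// ldap_escape($value, '', LDAP_ESCAPE_DN) gives equivalent output.
function escape_rdn_value($value)
{
    $out = '';
    $len = strlen($value);
    for ($i = 0; $i < $len; $i++) {
        $c = $value[$i];
        $o = ord($c);
        if (strpos(',+"\\<>;', $c) !== false) {
            $out .= '\\' . $c;               // structural characters get a backslash
        } elseif ($o < 0x20 || $o > 0x7E) {
            $out .= sprintf('\\%02X', $o);   // control and non-ASCII bytes as \XX
        } else {
            $out .= $c;
        }
    }
    // RFC 4514 also requires escaping a leading '#' or space and a trailing space.
    if ($value !== '' && ($value[0] === '#' || $value[0] === ' ')) {
        $out = '\\' . $out;
    }
    if ($value !== '' && substr($value, -1) === ' ') {
        $out = substr($out, 0, -1) . '\\ ';
    }
    return $out;
}

// Build the user DN: only the user-controlled CN value is escaped; the
// container path is a fixed constant (same base as in the report).
function user_dn($cn, $base = 'CN=Users,DC=example,DC=com')
{
    return 'CN=' . escape_rdn_value($cn) . ',' . $base;
}

// Constructed sample names: the report's case, and one with '+' and a trailing space.
echo user_dn('Last, First'), "\n";
echo user_dn('Doe+Smith, Jane '), "\n";
```

Passing the result of user_dn() to ldap_add() in place of the hand-built $dn gives the same DN the report expects, and the Invalid DN syntax warning in that case comes from the server rather than from the escaping.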

