Edit report at https://bugs.php.net/bug.php?id=64392&edit=1
ID: 64392 Updated by: m...@php.net Reported by: russ at bluecows dot com Summary: ldap_search() fails on base64-encoded entries -Status: Open +Status: Feedback Type: Bug Package: LDAP related Operating System: Linux PHP Version: Irrelevant Block user comment: N Private report: N New Comment: Not enough information was provided for us to be able to handle this bug. Please re-read the instructions at http://bugs.php.net/how-to-report.php If you can provide more information, feel free to add it to this bug and change the status back to "Open". Thank you for your interest in PHP. Previous Comments: ------------------------------------------------------------------------ [2013-03-08 15:53:22] russ at bluecows dot com Description: ------------ When using the ldap_search() function to query data from an LDAP database, it would appear that base64-encoded attributes are not decoded before running the search pattern against them. Based on the code snippets below, if the first search is run, no results are returned, even if a DN in the search tree has a postalAddress attribute which matches the given search string. If the second search is run, results are returned, indicating the search can check to see if the attribute exists at all, but the text-based search string is being checked against a base64-encoded attribute. It would appear that ldap_get_entries() decodes base64-encoded attributes, because the output of $entries, when it is not NULL, will show postalAddress as text. In order for ldap_search() to work properly, it should decode base64-encoded attributes before attempting to run the search against them. Test script: --------------- Failed test: $search = ldap_search( $ldapHandle, $ldapBaseDn, "(postaladdress=*165 Main*)" ); $entries = ldap_get_entries( $ldapHandle, $search ); Successful test: $search = ldap_search( $ldapHandle, $ldapBaseDn, "(postaladdress=*)" ); $entries = ldap_get_entries( $ldapHandle, $search ); Expected result: ---------------- In the failed test example, I would expect $entries to contain a list of LDAP DNs and associated attributes where the postalAddress attribute matches the search parameter. Currently, it does not. Searches against non-base64-encoded attributes such as mail or telephoneNumber work as expected. Actual result: -------------- When the failed test example is run, $entries is empty because no matches are returned from the ldap_search(). ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=64392&edit=1
