From: pennington at rhodes dot edu Operating system: Windows 2000 PHP version: 4.3.3 PHP Bug Type: LDAP related Bug description: PHP LDAP queries against Active Directory return incomplete arrays
Description: ------------ I am querying an Active Directory server with PHP via LDAP to retrieve all of a particular user's attributes. All of that user's attributes in the LDAP directory are placed in a multi-dimensional array that I can query for a particular attribute I am interested in and return all of those values from the array by looping through that part of the array, using the correct key value. So, in other words, I am using PHP's LDAP to grab all information about a user in Active Directory and put it into a single, multi-dimensional array called $info. This array has three levels of keys, such that: $info[0][description][0] would equal Staff because that is what is set up for the description attribute for a person in Active Directory. I am then looping through the entire array looking for values set with certain keys that I am interested in, which could be holding data in any order. The problem occurs when I loop through the multi-dimensional array for attributes that share the second key, such as: $info[0][memberof] Because several different memberof attributes can be stored for a person in Active Directory, the LDAP-built array has values like: $info[0][memberof][0] = Domain Admin $info[0][memberof][1] = Finance User $info[0][memberof][2] = Local Admin and so on. If I count the number of member attributes that are actually in the LDAP server, I get a particular value, say 15. When I loop through these attributes in the array and count them up, I also get that same number. However, when I try to report back all of these attributes by printing them out, only 14 appear. In other words, while the correct number of attributes are put into the array by PHP using LDAP, one of the keys in the array has no data associated with it (and should have data associated with it). This holds true for any LDAP-created array where an LDAP attribute has more than one value associated with it. All of those values are reported back to the PHP via LDAP and keys are created in the array for all of those values, but strangely one (and only one) of the data values will disappear if a certain attribute has more than one value associated with it. Reproduce code: --------------- Here is the code I'm using to build the troubled array via PHP's LDAP. Of course, you have to authenticate to our LDAP server to do the test on a particular user, so I am not able to point to a place on the web to demonstrate this. <?php if ($name_submitted != "" && $passwd_submitted != "") { $ldap_host = "ldap://someserver.rhodes.edu"; $base_dn = "CN=Users,DC=rhodes, DC=edu"; if ($search_submitted == "") { $search_value = $name_submitted; } else { $search_value = $search_submitted; } $filter = "(CN=$search_value)"; $ldap_user = "CN=$name_submitted, CN=Users, DC=rhodes, DC=edu"; $ldap_pass = $passwd_submitted; $connect = ldap_connect( $ldap_host, $ldap_port) or exit("Could not connect to LDAP server"); // required to search AD, according to note in PHP manual notes ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($connect, LDAP_OPT_REFERRALS, 0); $bind = ldap_bind($connect, $ldap_user, $ldap_pass) or exit("Could not bind to $ldap_host"); echo "Successful bind to $ldap_host with $bind<br><br>\n"; $read = ldap_search($connect, $base_dn, $filter) or exit("Unable to search ldap server"); $info = ldap_get_entries($connect, $read); echo $info["count"]." entries returned for $filter<br><br>\n"; $ii=0; for ($i=0; $ii<$info[$i]["count"]; $ii++){ $data = $info[$i][$ii]; if ($data == "memberof") { $total_memberof = (count($info[$i][$data])); echo "Total memberof entries returned: $total_memberof<br><br>\n"; $total = 0; $total = count($info[$i][$data]); $jj=0; for ($jj=0; $jj<$total; $jj++) { if ($info[$i][$data][$jj] == "CN=STAFF,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu") { echo "<b>Got Staff Match</b> "; $user_type = "staff"; } elseif (($info[$i][$data][$jj] == "CN=FACULTY,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu") && $user_type == "") { echo "<b>Got Faculty Match</b> "; $user_type = "faculty"; } elseif (($info[$i][$data][$jj] == "CN=Students,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu") && $user_type == "") { echo "<b>Got Students Match</b> "; $user_type = "student"; } echo $i." ".$ii." ".$jj." ".$data.": ".$info[$i][$data][$jj]."<br>\n"; } } } ldap_unbind($connect); echo "<br><br><b>User Type is: "; switch ($user_type) { case "staff": echo "STAFF"; break; case "faculty": echo "FACULTY"; break; case "student": echo "STUDENT"; break; default: echo "UNKNOWN"; break; } echo "</b><br><br>\n"; echo "<br><br><a href=\"index.php\">Search again</a><br><br>\n"; } else { echo "<html><head></head><body>\n"; echo "<form action=\"index.php\" method=\"POST\">\n"; echo "AD User Name: <input type=\"text\" name=\"name_submitted\"><br>\n"; echo "AD Password: <input type=\"password\" name=\"passwd_submitted\"><br>\n"; echo "Search User Name: <input type=\"text\" name=\"search_submitted\"><br>\n"; echo "<input type=\"submit\" value=\"Submit\">\n"; echo "</form>\n"; echo "</body></html>\n"; } ?> Expected result: ---------------- Total memberof entries returned: 13 0 1 0 memberof: CN=STAFF_DL,OU=Distribution Lists,OU=Groups,DC=rhodes,DC=edu 0 1 1 memberof: CN=Planning,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu 0 1 2 memberof: CN=FACSTAFF,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu 0 1 3 memberof: CN=Council,OU=Distribution Lists,OU=Groups,DC=rhodes,DC=edu 0 1 4 memberof: CN=PRESIDENT,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu 0 1 5 memberof: CN=FACTBOOK,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu 0 1 6 memberof: CN=INFO_SERVICES,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu 0 1 7 memberof: CN=CABINET,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu 0 1 8 memberof: CN=Senior2006,OU=Distribution Lists,OU=Groups,DC=rhodes,DC=edu 0 1 9 memberof: CN=NT Users,CN=Users,DC=rhodes,DC=edu 0 1 10 memberof: CN=NTSETUP,CN=Users,DC=rhodes,DC=edu 0 1 11 memberof: CN=Domain Users,CN=Users,DC=rhodes,DC=edu 0 1 12 memberof: CN=STAFF,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu Actual result: -------------- Total memberof entries returned: 13 0 1 0 memberof: CN=STAFF_DL,OU=Distribution Lists,OU=Groups,DC=rhodes,DC=edu 0 1 1 memberof: CN=Planning,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu 0 1 2 memberof: CN=FACSTAFF,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu 0 1 3 memberof: CN=Council,OU=Distribution Lists,OU=Groups,DC=rhodes,DC=edu 0 1 4 memberof: CN=PRESIDENT,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu 0 1 5 memberof: CN=FACTBOOK,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu 0 1 6 memberof: CN=INFO_SERVICES,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu 0 1 7 memberof: CN=CABINET,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu 0 1 8 memberof: CN=Senior2006,OU=Distribution Lists,OU=Groups,DC=rhodes,DC=edu 0 1 9 memberof: CN=NT Users,CN=Users,DC=rhodes,DC=edu 0 1 10 memberof: CN=NTSETUP,CN=Users,DC=rhodes,DC=edu 0 1 11 memberof: CN=Domain Users,CN=Users,DC=rhodes,DC=edu 0 1 12 memberof: -- Edit bug report at http://bugs.php.net/?id=25827&edit=1 -- Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=25827&r=trysnapshot4 Try a CVS snapshot (php5): http://bugs.php.net/fix.php?id=25827&r=trysnapshot5 Fixed in CVS: http://bugs.php.net/fix.php?id=25827&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=25827&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=25827&r=needtrace Try newer version: http://bugs.php.net/fix.php?id=25827&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=25827&r=support Expected behavior: http://bugs.php.net/fix.php?id=25827&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=25827&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=25827&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=25827&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=25827&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=25827&r=dst IIS Stability: http://bugs.php.net/fix.php?id=25827&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=25827&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=25827&r=float