From:             pennington at rhodes dot edu
Operating system: Windows 2000
PHP version:      4.3.3
PHP Bug Type:     LDAP related
Bug description:  PHP LDAP queries against Active Directory return incomplete arrays

Description:
------------
I am querying an Active Directory server with PHP via LDAP to retrieve all
of a particular user's attributes. All of that user's attributes in the
LDAP directory are placed in a multi-dimensional array that I can query
for a particular attribute I am interested in and return all of those
values from the array by looping through that part of the array, using the
correct key value.

So, in other words, I am using PHP's LDAP to grab all information about a
user in Active Directory and put it into a single, multi-dimensional array
called $info. This array has three levels of keys, such that:

$info[0][description][0]

would equal

Staff

because that is what is set up for the description attribute for a person
in Active Directory. I am then looping through the entire array looking
for values set with certain keys that I am interested in, which could be
holding data in any order.

The problem occurs when I loop through the multi-dimensional array for
attributes that share the second key, such as:

$info[0][memberof]

Because several different memberof attributes can be stored for a person
in Active Directory, the LDAP-built array has values like:

$info[0][memberof][0] = Domain Admin
$info[0][memberof][1] = Finance User
$info[0][memberof][2] = Local Admin

and so on. If I count the number of member attributes that are actually in
the LDAP server, I get a particular value, say 15. When I loop through
these attributes in the array and count them up, I also get that same
number. However, when I try to report back all of these attributes by
printing them out, only 14 appear.

In other words, while the correct number of attributes are put into the
array by PHP using LDAP, one of the keys in the array has no data
associated with it (and should have data associated with it). This holds
true for any LDAP-created array where an LDAP attribute has more than one
value associated with it. All of those values are reported back to the PHP
via LDAP and keys are created in the array for all of those values, but
strangely one (and only one) of the data values will disappear if a
certain attribute has more than one value associated with it.

Reproduce code:
---------------
Here is the code I'm using to build the troubled array via PHP's LDAP. Of
course, you have to authenticate to our LDAP server to do the test on a
particular user, so I am not able to point to a place on the web to
demonstrate this.

<?php
if ($name_submitted != "" && $passwd_submitted != "") {

        $ldap_host = "ldap://someserver.rhodes.edu";
        $base_dn = "CN=Users,DC=rhodes, DC=edu";

        if ($search_submitted == "") {
                $search_value = $name_submitted;
        } else {
                $search_value = $search_submitted;
        }

        $filter = "(CN=$search_value)";
        $ldap_user = "CN=$name_submitted, CN=Users, DC=rhodes, DC=edu";
        $ldap_pass = $passwd_submitted;

        $connect = ldap_connect( $ldap_host, $ldap_port)
       or exit("Could not connect to LDAP server");

        // required to search AD, according to note in PHP manual notes
        ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($connect, LDAP_OPT_REFERRALS, 0);

        $bind = ldap_bind($connect, $ldap_user, $ldap_pass)
     or exit("Could not bind to $ldap_host");

        echo "Successful bind to $ldap_host with $bind<br><br>\n";

        $read = ldap_search($connect, $base_dn, $filter)
             or exit("Unable to search ldap server");

        $info = ldap_get_entries($connect, $read);
        echo $info["count"]." entries returned for $filter<br><br>\n";

        $ii=0;
        for ($i=0; $ii<$info[$i]["count"]; $ii++){
                $data = $info[$i][$ii];
                if ($data == "memberof") {
                        $total_memberof = (count($info[$i][$data]));
                        echo "Total memberof entries returned: $total_memberof<br><br>\n";
                        $total = 0;
                        $total = count($info[$i][$data]);
                        $jj=0;
                        for ($jj=0; $jj<$total; $jj++) {
                                if ($info[$i][$data][$jj] == "CN=STAFF,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu") {
                                        echo "<b>Got Staff Match</b> ";
                                        $user_type = "staff";
                                } elseif (($info[$i][$data][$jj] == "CN=FACULTY,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu") && $user_type == "") {
                                        echo "<b>Got Faculty Match</b> ";
                                        $user_type = "faculty";
                                } elseif (($info[$i][$data][$jj] == "CN=Students,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu") && $user_type == "") {
                                        echo "<b>Got Students Match</b> ";
                                        $user_type = "student";
                                }
                                echo $i." ".$ii." ".$jj." ".$data.":&nbsp;&nbsp;".$info[$i][$data][$jj]."<br>\n";
                        }
                }

        }

        ldap_unbind($connect);

        echo "<br><br><b>User Type is: ";

        switch ($user_type) {
                case "staff":
                        echo "STAFF";
                        break;
                case "faculty":
                        echo "FACULTY";
                        break;
                case "student":
                        echo "STUDENT";
                        break;
                default:
                        echo "UNKNOWN";
                        break;
        }

        echo "</b><br><br>\n";

        echo "<br><br><a href=\"index.php\">Search again</a><br><br>\n";

} else {

echo "<html><head></head><body>\n";
echo "<form action=\"index.php\" method=\"POST\">\n";
echo "AD User Name: <input type=\"text\" name=\"name_submitted\"><br>\n";
echo "AD Password: <input type=\"password\" name=\"passwd_submitted\"><br>\n";
echo "Search User Name: <input type=\"text\" name=\"search_submitted\"><br>\n";
echo "<input type=\"submit\" value=\"Submit\">\n";
echo "</form>\n";
echo "</body></html>\n";

}
?>

Expected result:
----------------
Total memberof entries returned: 13

0 1 0 memberof:  CN=STAFF_DL,OU=Distribution Lists,OU=Groups,DC=rhodes,DC=edu
0 1 1 memberof:  CN=Planning,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu
0 1 2 memberof:  CN=FACSTAFF,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu
0 1 3 memberof:  CN=Council,OU=Distribution Lists,OU=Groups,DC=rhodes,DC=edu
0 1 4 memberof:  CN=PRESIDENT,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu
0 1 5 memberof:  CN=FACTBOOK,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu
0 1 6 memberof:  CN=INFO_SERVICES,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu
0 1 7 memberof:  CN=CABINET,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu
0 1 8 memberof:  CN=Senior2006,OU=Distribution Lists,OU=Groups,DC=rhodes,DC=edu
0 1 9 memberof:  CN=NT Users,CN=Users,DC=rhodes,DC=edu
0 1 10 memberof:  CN=NTSETUP,CN=Users,DC=rhodes,DC=edu
0 1 11 memberof:  CN=Domain Users,CN=Users,DC=rhodes,DC=edu
0 1 12 memberof:  CN=STAFF,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu

Actual result:
--------------
Total memberof entries returned: 13

0 1 0 memberof:  CN=STAFF_DL,OU=Distribution Lists,OU=Groups,DC=rhodes,DC=edu
0 1 1 memberof:  CN=Planning,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu
0 1 2 memberof:  CN=FACSTAFF,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu
0 1 3 memberof:  CN=Council,OU=Distribution Lists,OU=Groups,DC=rhodes,DC=edu
0 1 4 memberof:  CN=PRESIDENT,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu
0 1 5 memberof:  CN=FACTBOOK,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu
0 1 6 memberof:  CN=INFO_SERVICES,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu
0 1 7 memberof:  CN=CABINET,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu
0 1 8 memberof:  CN=Senior2006,OU=Distribution Lists,OU=Groups,DC=rhodes,DC=edu
0 1 9 memberof:  CN=NT Users,CN=Users,DC=rhodes,DC=edu
0 1 10 memberof:  CN=NTSETUP,CN=Users,DC=rhodes,DC=edu
0 1 11 memberof:  CN=Domain Users,CN=Users,DC=rhodes,DC=edu
0 1 12 memberof:  

-- 
Edit bug report at http://bugs.php.net/?id=25827&edit=1
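
The array layout that ldap_get_entries() returns, shown with a constructed $info so it runs without a directory server (an added example, not code from the report or from PHP itself; the helper names attr_values() and user_type_from_groups() and the three sample group values are assumptions). Each attribute's array carries a "count" element beside its numeric indices, so count() on it is one more than the number of values, and a loop bounded by count(), as in the reproduce code, reads one index past the last value.

```php
<?php
// Constructed sample in the shape ldap_get_entries() returns: attribute names
// are lowercased and every level carries a "count" element beside its values.
$info = array(
    "count" => 1,
    0 => array(
        "count" => 1,
        0 => "memberof",
        "memberof" => array(
            "count" => 3,
            0 => "CN=NT Users,CN=Users,DC=rhodes,DC=edu",
            1 => "CN=Domain Users,CN=Users,DC=rhodes,DC=edu",
            2 => "CN=STAFF,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu",
        ),
    ),
);

// Hypothetical helper: return only the real values of one attribute,
// bounded by the "count" element rather than by count().
function attr_values(array $entry, $attr) {
    $attr = strtolower($attr);
    if (!isset($entry[$attr]["count"])) {
        return array();                 // attribute absent on this entry
    }
    $values = array();
    for ($j = 0; $j < $entry[$attr]["count"]; $j++) {
        $values[] = $entry[$attr][$j];
    }
    return $values;
}

// Hypothetical helper: map group DNs to a user type with the same precedence
// as the reproduce code. Case-insensitive comparison is this example's choice.
function user_type_from_groups(array $groups) {
    $suffix = ",OU=Security Groups,OU=Groups,DC=rhodes,DC=edu";
    $type = "unknown";                  // fail closed when nothing matches
    foreach ($groups as $dn) {
        if (strcasecmp($dn, "CN=STAFF" . $suffix) === 0) {
            return "staff";             // staff wins over faculty/student
        } elseif ($type === "unknown" && strcasecmp($dn, "CN=FACULTY" . $suffix) === 0) {
            $type = "faculty";
        } elseif ($type === "unknown" && strcasecmp($dn, "CN=Students" . $suffix) === 0) {
            $type = "student";
        }
    }
    return $type;
}

$groups = attr_values($info[0], "memberOf");
printf("count() = %d, values = %d, user type = %s\n",
    count($info[0]["memberof"]), count($groups), user_type_from_groups($groups));
```

When a user type derived this way gates access, an absent or empty memberof attribute falls through to "unknown" instead of inheriting a previous value.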