ID: 25827 Updated by: [EMAIL PROTECTED] Reported By: pennington at rhodes dot edu -Status: Open +Status: Feedback Bug Type: LDAP related Operating System: Windows 2000 PHP Version: 4.3.3 New Comment:
Please provide access to this 'active directory' thing. (If you can't, we can't fix it either) Previous Comments: ------------------------------------------------------------------------ [2003-10-13 11:50:09] pennington at rhodes dot edu I added: var_dump($info[$i][$data][$jj]); to the output of the test script and got this output for the last two values of the array for that attribute: 0 1 11 memberof: CN=Domain Users,CN=Users,DC=rhodes,DC=edu string(41) "CN=Domain Users,CN=Users,DC=rhodes,DC=edu" 0 1 12 memberof: NULL Now, I know that there are 13 LDAP values for this attribute (memberof). I can see this in various LDAP tools pointed to Active Directory for this user. And, when I do a: count($info[$i][memberof]); I get 13, which is correct. As you can see, the final value has a key value in the array for this attribute, but no data is returned with that key. Obviously, PHP is not putting the last value for that attribute in the array but has created a key value to hold the data. How is this a problem in the script? Looks like a bug in PHP to me... ------------------------------------------------------------------------ [2003-10-12 22:10:52] [EMAIL PROTECTED] Some var_dump() here and there will reveal you why your script doesn't work. Not PHP bug. ------------------------------------------------------------------------ [2003-10-10 15:04:36] pennington at rhodes dot edu Description: ------------ I am querying an Active Directory server with PHP via LDAP to retrieve all of a particular user's attributes. All of that user's attributes in the LDAP directory are placed in a multi-dimensional array that I can query for a particular attribute I am interested in and return all of those values from the array by looping through that part of the array, using the correct key value. So, in other words, I am using PHP's LDAP to grab all information about a user in Active Directory and put it into a single, multi-dimensional array called $info. This array has three levels of keys, such that: $info[0][description][0] would equal Staff because that is what is set up for the description attribute for a person in Active Directory. I am then looping through the entire array looking for values set with certain keys that I am interested in, which could be holding data in any order. The problem occurs when I loop through the multi-dimensional array for attributes that share the second key, such as: $info[0][memberof] Because several different memberof attributes can be stored for a person in Active Directory, the LDAP-built array has values like: $info[0][memberof][0] = Domain Admin $info[0][memberof][1] = Finance User $info[0][memberof][2] = Local Admin and so on. If I count the number of member attributes that are actually in the LDAP server, I get a particular value, say 15. When I loop through these attributes in the array and count them up, I also get that same number. However, when I try to report back all of these attributes by printing them out, only 14 appear. In other words, while the correct number of attributes are put into the array by PHP using LDAP, one of the keys in the array has no data associated with it (and should have data associated with it). This holds true for any LDAP-created array where an LDAP attribute has more than one value associated with it. All of those values are reported back to the PHP via LDAP and keys are created in the array for all of those values, but strangely one (and only one) of the data values will disappear if a certain attribute has more than one value associated with it. Reproduce code: --------------- Here is the code I'm using to build the troubled array via PHP's LDAP. Of course, you have to authenticate to our LDAP server to do the test on a particular user, so I am not able to point to a place on the web to demonstrate this. <?php if ($name_submitted != "" && $passwd_submitted != "") { $ldap_host = "ldap://someserver.rhodes.edu"; $base_dn = "CN=Users,DC=rhodes, DC=edu"; if ($search_submitted == "") { $search_value = $name_submitted; } else { $search_value = $search_submitted; } $filter = "(CN=$search_value)"; $ldap_user = "CN=$name_submitted, CN=Users, DC=rhodes, DC=edu"; $ldap_pass = $passwd_submitted; $connect = ldap_connect( $ldap_host, $ldap_port) or exit("Could not connect to LDAP server"); // required to search AD, according to note in PHP manual notes ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($connect, LDAP_OPT_REFERRALS, 0); $bind = ldap_bind($connect, $ldap_user, $ldap_pass) or exit("Could not bind to $ldap_host"); echo "Successful bind to $ldap_host with $bind<br><br>\n"; $read = ldap_search($connect, $base_dn, $filter) or exit("Unable to search ldap server"); $info = ldap_get_entries($connect, $read); echo $info["count"]." entries returned for $filter<br><br>\n"; $ii=0; for ($i=0; $ii<$info[$i]["count"]; $ii++){ $data = $info[$i][$ii]; if ($data == "memberof") { $total_memberof = (count($info[$i][$data])); echo "Total memberof entries returned: $total_memberof<br><br>\n"; $total = 0; $total = count($info[$i][$data]); $jj=0; for ($jj=0; $jj<$total; $jj++) { if ($info[$i][$data][$jj] == "CN=STAFF,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu") { echo "<b>Got Staff Match</b> "; $user_type = "staff"; } elseif (($info[$i][$data][$jj] == "CN=FACULTY,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu") && $user_type == "") { echo "<b>Got Faculty Match</b> "; $user_type = "faculty"; } elseif (($info[$i][$data][$jj] == "CN=Students,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu") && $user_type == "") { echo "<b>Got Students Match</b> "; $user_type = "student"; } echo $i." ".$ii." ".$jj." ".$data.": ".$info[$i][$data][$jj]."<br>\n"; } } } ldap_unbind($connect); echo "<br><br><b>User Type is: "; switch ($user_type) { case "staff": echo "STAFF"; break; case "faculty": echo "FACULTY"; break; case "student": echo "STUDENT"; break; default: echo "UNKNOWN"; break; } echo "</b><br><br>\n"; echo "<br><br><a href=\"index.php\">Search again</a><br><br>\n"; } else { echo "<html><head></head><body>\n"; echo "<form action=\"index.php\" method=\"POST\">\n"; echo "AD User Name: <input type=\"text\" name=\"name_submitted\"><br>\n"; echo "AD Password: <input type=\"password\" name=\"passwd_submitted\"><br>\n"; echo "Search User Name: <input type=\"text\" name=\"search_submitted\"><br>\n"; echo "<input type=\"submit\" value=\"Submit\">\n"; echo "</form>\n"; echo "</body></html>\n"; } ?> Expected result: ---------------- Total memberof entries returned: 13 0 1 0 memberof: CN=STAFF_DL,OU=Distribution Lists,OU=Groups,DC=rhodes,DC=edu 0 1 1 memberof: CN=Planning,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu 0 1 2 memberof: CN=FACSTAFF,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu 0 1 3 memberof: CN=Council,OU=Distribution Lists,OU=Groups,DC=rhodes,DC=edu 0 1 4 memberof: CN=PRESIDENT,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu 0 1 5 memberof: CN=FACTBOOK,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu 0 1 6 memberof: CN=INFO_SERVICES,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu 0 1 7 memberof: CN=CABINET,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu 0 1 8 memberof: CN=Senior2006,OU=Distribution Lists,OU=Groups,DC=rhodes,DC=edu 0 1 9 memberof: CN=NT Users,CN=Users,DC=rhodes,DC=edu 0 1 10 memberof: CN=NTSETUP,CN=Users,DC=rhodes,DC=edu 0 1 11 memberof: CN=Domain Users,CN=Users,DC=rhodes,DC=edu 0 1 12 memberof: CN=STAFF,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu Actual result: -------------- Total memberof entries returned: 13 0 1 0 memberof: CN=STAFF_DL,OU=Distribution Lists,OU=Groups,DC=rhodes,DC=edu 0 1 1 memberof: CN=Planning,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu 0 1 2 memberof: CN=FACSTAFF,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu 0 1 3 memberof: CN=Council,OU=Distribution Lists,OU=Groups,DC=rhodes,DC=edu 0 1 4 memberof: CN=PRESIDENT,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu 0 1 5 memberof: CN=FACTBOOK,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu 0 1 6 memberof: CN=INFO_SERVICES,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu 0 1 7 memberof: CN=CABINET,OU=Security Groups,OU=Groups,DC=rhodes,DC=edu 0 1 8 memberof: CN=Senior2006,OU=Distribution Lists,OU=Groups,DC=rhodes,DC=edu 0 1 9 memberof: CN=NT Users,CN=Users,DC=rhodes,DC=edu 0 1 10 memberof: CN=NTSETUP,CN=Users,DC=rhodes,DC=edu 0 1 11 memberof: CN=Domain Users,CN=Users,DC=rhodes,DC=edu 0 1 12 memberof: ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=25827&edit=1