ID: 25827 Updated by: [EMAIL PROTECTED] Reported By: pennington at rhodes dot edu -Status: Open +Status: Feedback Bug Type: LDAP related Operating System: Windows 2000 PHP Version: 4.3.3 New Comment:
There is no kerberos support in PHP ldap either, and that partially works, so why would you need it with the command line binary? Previous Comments: ------------------------------------------------------------------------ [2003-10-14 11:59:27] pennington at rhodes dot edu It appears that ldapsearch at that URL is not compiled with Kerberos support, which may be required to search Active Directory LDAP servers. I'm still doing research, however... D:\openldap\bin>ldapsearch -LLL -H ldap://someserver.rhodes.edu -P 3 -D pennington -k ldapsearch: not compiled with Kerberos support I tried it with just SASL and that wasn't appreciated either: D:\openldap\bin>ldapsearch -LLL -H ldap://someserver.rhodes.edu -P 3 -D pennington -I ldap_sasl_interactive_bind_s: Unknown authentication method (86) additional info: SASL(-4): no mechanism available: Unable to find a call back: 2 Can anyone verify that Kerberos support is required to search Active Directory LDAP servers? Is anyone using the OpenLDAP ldapsearch program to search Active Directory LDAP servers? If so, what kind of command should I use to get ldapsearch to search Active Directory? I am using "CN=Users,DC=rhodes,DC=edu" for the Base DN, "CN=_search_value_" for the name to search for, and to bind to the Active Directory LDAP server, you have to use this string as the username: "CN=_authorized_user_,CN=Users,DC=rhodes,DC=edu" ------------------------------------------------------------------------ [2003-10-14 11:12:30] [EMAIL PROTECTED] PHP uses OpenLDAP libraries for ldap functionality in the windows binaries. So try your query with the openldap 'ldapsearch.exe' found in this package: http://prdownloads.sf.net/acctsync/openldap-binaries-2.1.16-04APR03.zip ------------------------------------------------------------------------ [2003-10-13 12:05:40] pennington at rhodes dot edu I obviously can't provide general access for testing to our Active Directory server, because you need an account on the Active Directory server to even search the directory, as with most LDAP servers. I find it strange that no one has seen this before, because Microsoft's Active Directory is probably the most widely-used commercial LDAP server in the world. However, it is obvious that, if an attribute has 13 values when looking at it via another LDAP query tool and if PHP thinks that it has the same number of values because it creates that many keys in the array, the error must be that PHP is not setting the last value in the array (for which there already is a key) or Active Directory is not giving the last value to PHP for it to set in the array. Is anyone else using AD and PHP/LDAP seeing similar behavior? Can we not put this in feedback mode and request more information? ------------------------------------------------------------------------ [2003-10-13 11:55:58] [EMAIL PROTECTED] Please provide access to this 'active directory' thing. (If you can't, we can't fix it either) ------------------------------------------------------------------------ [2003-10-13 11:50:09] pennington at rhodes dot edu I added: var_dump($info[$i][$data][$jj]); to the output of the test script and got this output for the last two values of the array for that attribute: 0 1 11 memberof: CN=Domain Users,CN=Users,DC=rhodes,DC=edu string(41) "CN=Domain Users,CN=Users,DC=rhodes,DC=edu" 0 1 12 memberof: NULL Now, I know that there are 13 LDAP values for this attribute (memberof). I can see this in various LDAP tools pointed to Active Directory for this user. And, when I do a: count($info[$i][memberof]); I get 13, which is correct. As you can see, the final value has a key value in the array for this attribute, but no data is returned with that key. Obviously, PHP is not putting the last value for that attribute in the array but has created a key value to hold the data. How is this a problem in the script? Looks like a bug in PHP to me... ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/25827 -- Edit this bug report at http://bugs.php.net/?id=25827&edit=1