ID:               31703
 Updated by:       [EMAIL PROTECTED]
 Reported By:      merrittd at dhcmc dot com
-Status:           Open
+Status:           Wont fix
 Bug Type:         Feature/Change Request
 Operating System: Windows 2000SP4
 PHP Version:      5.0.3
 New Comment:

Thanks for the constructive feedback.


Previous Comments:
------------------------------------------------------------------------

[2005-02-07 16:26:08] merrittd at dhcmc dot com

I wasn't forcing _YOU_ to test my code!  I have the code I need working
with a workaround for what is definitely an issue with _YOUR_
ldap_search being unable to retrieve/search a third level DC record. 
All I was simply trying to do was be of help and alert you to an issue
with ldap_search.  I sure as hell don't need surly responses back from
this system for trying to be of some help back to the PHP community.

Using other pieces of software i.e. Softerra LDAP browser, to verify
the LDAP structure, I can successfully retrieve the CN records from a
third level DC.  Plug the same structure into the PHP code and using
ldap_search no records are returned.  Back up one level in the structure
to a second level DC and ldap_search will return records all day long. 
Do _YOU_ want to call this an issue with ldap_search or not?  I really
don't give a flying f*ck 'cause I have what I need working.  Thank you
very much.

------------------------------------------------------------------------

[2005-02-05 17:21:08] [EMAIL PROTECTED]

Find out first if it's an OpenLDAP issue or your knowledge by asking the
mailing lists. Don't try forcing _US_ to test it.


------------------------------------------------------------------------

[2005-01-26 15:47:10] merrittd at dhcmc dot com

Description:
------------
I'm not sure if this is a PHP bug, an OpenLDAP issue, or my lack of LDAP
knowledge.

Trying to use ldap_search against a Windows 2000 Active Directory
server.  I can get partial information I need against the CN records in
the top DC but am unable to get any record information from a sub DC. 
The directory structure is like so:

|--DC=com
  |--DC=dhwin2knet
    |--OU=DHCMC
    |  |--OU=Regular Users
    |    |--CN=User 100
    |    |--CN=User 101
    |    |--etc
    |
    |--DC=dhsp
      |--OU=DHSP
        |--CN=User 900
        |--CN=User 901
        |--etc


Using the following code to search for records:

// ldap auth info
$ldap = "my_ldap_server.dhwin2knet.com";
$auth_user = "dhwin2knet\\some_userid";
$auth_pass = 'foobar';
$base_dn = "dc=dhwin2knet,dc=com";
$filter = "(&(objectClass=user)(objectCategory=person)(samaccountname=*))";

// connect to server and set options
$connect = ldap_connect($ldap);
ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($connect, LDAP_OPT_REFERRALS, 0);

// bind to server
$bind = ldap_bind($connect, $auth_user, $auth_pass);

// search directory
if (!($search = @ldap_search($connect, $base_dn, $filter))) {
     die("Unable to search ldap server");
}

// get the number of entries found
$number_returned = ldap_count_entries($connect,$search);
echo "The number of entries returned is " . $number_returned;


Using the above code I can return ~500 user records but this is giving
me only the users in the OUs directly below DC=dhwin2knet,DC=com and
none of the ~250 records in the sub-domain, DC=dhsp,DC=dhwin2knet,DC=com
i.e.

Found: CN=User 100,OU=Regular Users,OU=DHCMC,DC=dhwin2knet,DC=com

Not found: CN=User 900,OU=DHSP,DC=dhsp,DC=dhwin2knet,DC=com


I've tried changing the user id that is connecting to the LDAP to be a
user in the dhsp sub-domain, changing the base dn to
"dc=dhsp,dc=dhwin2knet,dc=com", using different filters etc but no
matter what I'm trying I am unable to get any records returned from
DC=dhsp,DC=dhwin2knet,DC=com.  I have used the Softerra LDAP Browser to
browse and verify my base dn and filter.  Using the dn and filter from
the code above in LDAP Browser I am getting the ~750 entries that I am
expecting to see.

The following info on the ldap module is returned by
php_info():

LDAP Support    enabled
RCS Version     $Id: ldap.c,v 1.154 2004/06/28 22:31:28 iliaa Exp $
Total Links     0/unlimited
API Version     2004
Vendor Name     OpenLDAP
Vendor Version  0


Reproduce code:
---------------
<?php
// ldap auth info
$ldap = "fffhp020.dhwin2knet.com";
$auth_user = "dhwin2knet\\ideasadm";
$auth_pass = 'sdrcpass';
$base_dn = "dc=dhwin2knet,dc=com";
$filter =
"(&(objectClass=user)(objectCategory=person)(samaccountname=*))";
// connect to server and set options
$connect = ldap_connect($ldap);
ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($connect, LDAP_OPT_REFERRALS, 0);
// bind to server
$bind = ldap_bind($connect, $auth_user, $auth_pass);
// search directory
if (!($search = @ldap_search($connect, $base_dn, $filter))) {
     die("Unable to search ldap server");
}
$number_returned = ldap_count_entries($connect,$search);
echo "The number of entries returned is " . $number_returned;
?>

Expected result:
----------------
Would expect to see ~750 user records returned from the following OUs:

OU=DHCMC,DC=dhwin2knet,DC=com - ~500 records
OU=DHSP,DC=dhsp,DC=dhwin2knet,DC=com - ~250 records


Actual result:
--------------
Only getting ~500 users returned from OU=DHCMC,DC=dhwin2knet,DC=com
with none of the ~250 records being returned from
OU=DHSP,DC=dhsp,DC=dhwin2knet,DC=com


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=31703&edit=1
