ID: 31703
Updated by: [EMAIL PROTECTED]
Reported By: merrittd at dhcmc dot com
-Status: Open
+Status: Wont fix
Bug Type: Feature/Change Request
Operating System: Windows 2000SP4
PHP Version: 5.0.3
New Comment:

Thanks for the constructive feedback.

Previous Comments:
------------------------------------------------------------------------

[2005-02-07 16:26:08] merrittd at dhcmc dot com

I wasn't forcing _YOU_ to test my code! I have the code I need working with a workaround for what is definitely an issue with _YOUR_ ldap_search being unable to retrieve/search a third level DC record.

All I was simply trying to do was be of help and alert you to an issue with ldap_search. I sure as hell don't need surly responses back from this system for trying to be of some help back to the PHP community.

Using other pieces of software, i.e. Softerra LDAP browser, to verify the LDAP structure, I can successfully retrieve the CN records from a third level DC. Plug the same structure into the PHP code and using ldap_search no records are returned. Back up one level in the structure to a second level DC and ldap_search will return records all day long.

Do _YOU_ want to call this an issue with ldap_search or not? I really don't give a flying f*ck 'cause I have what I need working.

Thank you very much.

------------------------------------------------------------------------

[2005-02-05 17:21:08] [EMAIL PROTECTED]

Find out first if it's an OpenLDAP issue or your knowledge by asking the mailing lists. Don't try forcing _US_ to test it.

------------------------------------------------------------------------

[2005-01-26 15:47:10] merrittd at dhcmc dot com

Description:
------------
I'm not sure if this is a PHP bug, an OpenLDAP issue, or my lack of LDAP knowledge.

Trying to use ldap_search against a Windows 2000 Active Directory server. I can get partial information I need against the CN records in the top DC but am unable to get any record information from a sub DC.

The directory structure is like so:

|--DC=com
   |--DC=dhwin2knet
      |--OU=DHCMC
      |  |--OU=Regular Users
      |     |--CN=User 100
      |     |--CN=User 101
      |     |--etc
      |
      |--DC=dhsp
         |--OU=DHSP
            |--CN=User 900
            |--CN=User 901
            |--etc

Using the following code to search for records:

// ldap auth info
$ldap = "my_ldap_server.dhwin2knet.com";
$auth_user = "dhwin2knet\\some_userid";
$auth_pass = 'foobar';
$base_dn = "dc=dhwin2knet,dc=com";
$filter = "(&(objectClass=user)(objectCategory=person)(samaccountname=*))";

// connect to server and set options
$connect = ldap_connect($ldap);
ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($connect, LDAP_OPT_REFERRALS, 0);

// bind to server
$bind = ldap_bind($connect, $auth_user, $auth_pass);

// search directory
if (!($search = @ldap_search($connect, $base_dn, $filter))) {
    die("Unable to search ldap server");
}

// get the number of entries found
$number_returned = ldap_count_entries($connect, $search);
echo "The number of entries returned is " . $number_returned;

Using the above code I can return ~500 user records but this is giving me only the users in the OUs directly below DC=dhwin2knet,DC=com and none of the ~250 records in the sub-domain, DC=dhsp,DC=dhwin2knet,DC=com, i.e.

Found: CN=User 100,OU=Regular Users,OU=DHCMC,DC=dhwin2knet,DC=com
Not found: CN=User 900,OU=DHSP,DC=dhsp,DC=dhwin2knet,DC=com

I've tried changing the user id that is connecting to the LDAP to be a user in the dhsp sub-domain, changing the base dn to "dc=dhsp,dc=dhwin2knet,dc=com", using different filters etc. but no matter what I'm trying I am unable to get any records returned from DC=dhsp,DC=dhwin2knet,DC=com.

I have used the Softerra LDAP Browser to browse and verify my base dn and filter. Using the dn and filter from the code above in LDAP Browser I am getting the ~750 entries that I am expecting to see.

The following info on the ldap module is returned by php_info():

LDAP Support      enabled
RCS Version       $Id: ldap.c,v 1.154 2004/06/28 22:31:28 iliaa Exp $
Total Links       0/unlimited
API Version       2004
Vendor Name       OpenLDAP
Vendor Version    0

Reproduce code:
---------------
<?php
// ldap auth info
$ldap = "fffhp020.dhwin2knet.com";
$auth_user = "dhwin2knet\\ideasadm";
$auth_pass = 'sdrcpass';
$base_dn = "dc=dhwin2knet,dc=com";
$filter = "(&(objectClass=user)(objectCategory=person)(samaccountname=*))";

// connect to server and set options
$connect = ldap_connect($ldap);
ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($connect, LDAP_OPT_REFERRALS, 0);

// bind to server
$bind = ldap_bind($connect, $auth_user, $auth_pass);

// search directory
if (!($search = @ldap_search($connect, $base_dn, $filter))) {
    die("Unable to search ldap server");
}

$number_returned = ldap_count_entries($connect, $search);
echo "The number of entries returned is " . $number_returned;
?>

Expected result:
----------------
Would expect to see ~750 user records returned from the following OUs:

OU=DHCMC,DC=dhwin2knet,DC=com - ~500 records
OU=DHSP,DC=dhsp,DC=dhwin2knet,DC=com - ~250 records

Actual result:
--------------
Only getting ~500 users returned from OU=DHCMC,DC=dhwin2knet,DC=com with none of the ~250 records being returned from OU=DHSP,DC=dhsp,DC=dhwin2knet,DC=com

------------------------------------------------------------------------

--
Edit this bug report at http://bugs.php.net/?id=31703&edit=1