From: merrittd at dhcmc dot com
Operating system: Windows 2000SP4
PHP version: 5.0.3
PHP Bug Type: LDAP related
Bug description: lldap_search against 3rd level sub-domains not returning
results
Description:
------------
I'm not sure if this a PHP bug, an OpenLDAP issue, or my lack of LDAP
knowledge.
Trying to use ldap_search against a Windows 2000 Active Directory server.
I can get partial information I need against the CN records in the top DC
but am unable to get any record information from a sub DC. The directory
structure is like so:
|--DC=com
|--DC=dhwin2knet
|--OU=DHCMC
| |--OU=Regular Users
| |--CN=User 100
| |--CN=User 101
| |--etc
|
|--DC=dhsp
|--OU=DHSP
|--CN=User 900
|--CN=User 901
|--etc
Using the following code to search for records:
// ldap auth info
$ldap = "my_ldap_server.dhwin2knet.com"; $auth_user =
"dhwin2knet\\some_userid"; $auth_pass = 'foobar'; $base_dn =
"dc=dhwin2knet,dc=com"; $filter =
"(&(objectClass=user)(objectCategory=person)(samaccountname=*))";
// connect to server and set options
$connect = ldap_connect($ldap);
ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($connect, LDAP_OPT_REFERRALS, 0);
// bind to server
$bind = ldap_bind($connect, $auth_user, $auth_pass);
// search directory
if (!([EMAIL PROTECTED]($connect, $base_dn, $filter))) {
die("Unable to search ldap server"); }
// get the number of entries found
$number_returned = ldap_count_entries($connect,$search);
echo "The number of entries returned is " . $number_returned;
Using the above code I can return ~500 user records but this is giving me
only the users in the OUs directly below DC=dhwin2knet,DC=com and none of
the ~250 records in the sub-domain, DC=dhsp,DC=dhwin2knet,DC=com i.e.
Found: CN=User 100,OU=Regular Users,OU=DHCMC,DC=dhwin2knet,DC=com
Not found: CN=User 900,OU=DHSP,DC=dhsp,DC=dhwin2knet,DC=com
I've tried changing the user id that is connecting to the LDAP to be a
user in the dhsp sub-domain, changing the base dn to
"dc=dhsp,dc=dhwin2knet,dc=com", using different filters etc but no matter
what I'm trying I am unable to get any records returned from
DC=dhsp,DC=dhwin2knet,DC=com. I have used the Softerra LDAP Browser to
browse and verify my base dn and filter. Using the dn and filter from the
code above in LDAP Browser I am getting the ~750 entries that I am
expecting to see.
The following info on the ldap module is returned by
php_info():
LDAP Support enabled
RCS Version $Id: ldap.c,v 1.154 2004/06/28 22:31:28 iliaa Exp $
Total Links 0/unlimited
API Version 2004
Vendor Name OpenLDAP
Vendor Version 0
Reproduce code:
---------------
<?php
// ldap auth info
$ldap = "fffhp020.dhwin2knet.com";
$auth_user = "dhwin2knet\\ideasadm";
$auth_pass = 'sdrcpass';
$base_dn = "dc=dhwin2knet,dc=com";
$filter =
"(&(objectClass=user)(objectCategory=person)(samaccountname=*))";
// connect to server and set options
$connect = ldap_connect($ldap);
ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($connect, LDAP_OPT_REFERRALS, 0);
// bind to server
$bind = ldap_bind($connect, $auth_user, $auth_pass);
// search directory
if (!([EMAIL PROTECTED]($connect, $base_dn, $filter))) {
die("Unable to search ldap server");
}
$number_returned = ldap_count_entries($connect,$search);
echo "The number of entries returned is " . $number_returned;
?>
Expected result:
----------------
Would expect to see ~750 user records returned from the following OUs:
OU=DHCMC,DC=dhwin2knet,DC=com - ~500 records
OU=DHSP,DC=dhsp,DC=dhwin2knet,DC=com - ~250 records
Actual result:
--------------
Only getting ~500 users returned from OU=DHCMC,DC=dhwin2knet,DC=com with
none of the ~250 records being returned from
OU=DHSP,DC=dhsp,DC=dhwin2knet,DC=com
--
Edit bug report at http://bugs.php.net/?id=31703&edit=1
--
Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=31703&r=trysnapshot4
Try a CVS snapshot (php5.0):
http://bugs.php.net/fix.php?id=31703&r=trysnapshot50
Try a CVS snapshot (php5.1):
http://bugs.php.net/fix.php?id=31703&r=trysnapshot51
Fixed in CVS: http://bugs.php.net/fix.php?id=31703&r=fixedcvs
Fixed in release: http://bugs.php.net/fix.php?id=31703&r=alreadyfixed
Need backtrace: http://bugs.php.net/fix.php?id=31703&r=needtrace
Need Reproduce Script: http://bugs.php.net/fix.php?id=31703&r=needscript
Try newer version: http://bugs.php.net/fix.php?id=31703&r=oldversion
Not developer issue: http://bugs.php.net/fix.php?id=31703&r=support
Expected behavior: http://bugs.php.net/fix.php?id=31703&r=notwrong
Not enough info:
http://bugs.php.net/fix.php?id=31703&r=notenoughinfo
Submitted twice:
http://bugs.php.net/fix.php?id=31703&r=submittedtwice
register_globals: http://bugs.php.net/fix.php?id=31703&r=globals
PHP 3 support discontinued: http://bugs.php.net/fix.php?id=31703&r=php3
Daylight Savings: http://bugs.php.net/fix.php?id=31703&r=dst
IIS Stability: http://bugs.php.net/fix.php?id=31703&r=isapi
Install GNU Sed: http://bugs.php.net/fix.php?id=31703&r=gnused
Floating point limitations: http://bugs.php.net/fix.php?id=31703&r=float
No Zend Extensions: http://bugs.php.net/fix.php?id=31703&r=nozend
MySQL Configuration Error: http://bugs.php.net/fix.php?id=31703&r=mysqlcfg
