ID: 14693
Updated by: venaas
Reported By: [EMAIL PROTECTED]
Old Status: Open
Status: Closed
Bug Type: LDAP related
Operating System: Sun Solaris 2.7 (32 bit)
PHP Version: 4.1.0
New Comment:

You are right, there is one problem with PHP's ldap_search(). This is a bit hard to explain, but when you search at dc=hr, there are both entries returned, and referrals (continuation references). If you're using LDAPv2 (which is default with OpenLDAP API), the result of the search won't be LDAP_SUCCESS, and PHP's ldap_search() won't return any results (even though some entries were found).

I wanted to fix this a while ago, and at the same time be backwards compatible. I also wanted to have a way of doing parallel searches. ldap_search() will do a parallel search if the first argument is an array of link identifiers. It will then return an array of results instead of a single result. You can also use arrays for bases and filters if you don't want the same base and filter for all. I also made ldap_search() return results even if not LDAP_SUCCESS.

Here is an example on how this can be used to get both entries and referrals with LDAPv2:

$ds=ldap_connect("ds.carnet.hr");
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
$r=ldap_bind($ds);
$dn = 'dc=hr';
$filter="(ou=*)";
$srs=ldap_search(array($ds), $dn, $filter);
$sr=$srs[0];
$info = ldap_get_entries($ds, $sr);
ldap_parse_result($ds, $sr, $errcode, $matcheddn, $errmsg, $referrals);
var_dump($info, $errcode, $matcheddn, $errmsg, $referrals);

Here I use parallel search, even though I only have one server, just to get hold of the results. ldap_parse_result() is used to get the referrals and possibly other info in the result message.

It could be possible to search all the referrals (even in parallel) to get more data, but when using LDAPv2 you don't get the bases, so that is problematic. Compare output of

ldapsearch -h"ds.carnet.hr" -b"dc=hr"

with

ldapsearch -x -P2 -h"ds.carnet.hr" -b"dc=hr"

Using LDAPv3 for the initial search you would get the bases also. You can tell OpenLDAP to chase the referrals (if v3) or give them back to you. It can't chase them with v2, it would then try with wrong base and get "no such object".
Because of this mess, I've only added referrals for v3 servers at ldap://ldap.uninett.no/dc=no

There is one problem with PHP and parallel searches though. It was added in 4.0.5, and works in 4.0.6, but is broken in 4.1.0. I noticed this thanks to you, and I've now fixed it so that hopefully it will work again in 4.1.1. You can make it work in 4.1.0 by changing ldap.c as shown at http://cvs.php.net/diff.php/php4/ext/ldap/ldap.c?r1=1.112&r2=1.113&ty=u

Everything I said about ldap_search() also holds for ldap_list() and ldap_read().


Previous Comments:
------------------------------------------------------------------------

[2001-12-25 18:27:32] [EMAIL PROTECTED]

Thanks for the fast answer, right now it works. Why I think it is a bug: I simply wrote the code you saw in the bug report, but I also tested with dc=srce,dc=hr (and a few more) and it worked fine; I only got warnings when I put dc=hr. I use OpenLDAP 2.0.19, and the v2 and v3 protocols, with referrals; ds.carnet.hr is the national LDAP server with base DN dc=hr. So at one moment the LDAP functions use v3 and at another the v2 protocol, which is very confusing. Right away I checked my configuration, and I think maybe it is a misfunctionality (bug) :) ... why I think so:

1. My server is able to answer on the v2 and v3 standards; in that case I would at least expect to get 0 for an answer.
2. Ldap Browser 2.8.2 by Jarek Gawor (jar) returns "No entries mached" for the same search using the v2 protocol.

May I suggest implementing that feature in one of the next releases of the LDAP functions for PHP.

------------------------------------------------------------------------

[2001-12-25 17:35:36] [EMAIL PROTECTED]

The problem has to do with continuation reference and which LDAP version you use. Most LDAP libs default to v2.
Please try the following script (worked for me):

$ds=ldap_connect("ds.carnet.hr");
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 1);
$r=ldap_bind($ds);
$dn = 'dc=hr';
$filter="(o=*)";
$justthese = array( "dc");
$sr=ldap_search($ds, $dn, $filter, $justthese);
$info = ldap_get_entries($ds, $sr);
ldap_close($ds);
var_dump($info);

I've told it to use v3, and also to follow referrals. You can probably omit the referrals setting, I think that's the default, but depends on library. I also suggest you try:

$ds=ldap_connect("ds.carnet.hr");
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
$r=ldap_bind($ds);
$dn = 'dc=hr';
$filter="(objectclass=*)";
$justthese = array( "dc");
$sr=ldap_search($ds, $dn, $filter, $justthese);
$info = ldap_get_entries($ds, $sr);
ldap_close($ds);
var_dump($info);

I'm closing this since I don't think there's a problem. Reopen if you disagree.

------------------------------------------------------------------------

[2001-12-25 17:08:01] [EMAIL PROTECTED]

<script LANGUAGE="PHP">
$ds=ldap_connect("ds.carnet.hr");
$r=ldap_bind($ds);
$dn = 'dc=hr';
$filter="(o=*)";
$justthese = array( "dc");
$sr=ldap_search($ds, $dn, $filter, $justthese);
$info = ldap_get_entries($ds, $sr);
print $info["count"]." entries returned<p>";
ldap_close($ds);
</script>

Warning: LDAP: Unable to perform the search: No such object in /web/www/htdocs/ltest/bug.php on line 11

Warning: Supplied argument is not a valid ldap result resource in /web/www/htdocs/ltest/bug.php on line 13

entries returned

- When putting $dn equal to anything else than a single signed base name (dc=<something>), the script works without warning.

./configure --with-mysql --with-gd --with-ldap=/home/ldap/ldap --with-config-file-path=/usr/local/apache --prefix=/usr/local/apache --enable-ftp --with-ftp --enable-track-vars --with-apache=/opt/apache_1.3.22 --with-curl=/usr/local

------------------------------------------------------------------------

Edit this bug report at http://bugs.php.net/?id=14693&edit=1
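
The new comment above notes that referrals come back through ldap_parse_result() and that follow-up searches need a base, which LDAPv2 does not supply. As an added example (not code from this thread or from PHP itself), the code below sorts a $referrals array into targets that can be searched and ones that cannot; parse_referral(), plan_followups() and the example.org URLs are hypothetical, and it assumes a referral without a base shows up as a URL with an empty DN.

```php
<?php
// Added example: turn the $referrals array filled by ldap_parse_result()
// into (host, port, base DN) targets for follow-up searches.
// The sample URLs at the bottom are constructed, not captured from a server.

// Split one referral URL into its parts.
// Returns null when it is not a well-formed ldap:// or ldaps:// URL.
function parse_referral(string $url): ?array
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    $scheme = strtolower($parts['scheme']);
    if ($scheme !== 'ldap' && $scheme !== 'ldaps') {
        return null;
    }
    // The DN is the URL path without the leading slash, percent-decoded.
    $base = rawurldecode(ltrim($parts['path'] ?? '', '/'));
    return [
        'host' => $parts['host'],
        'port' => $parts['port'] ?? ($scheme === 'ldaps' ? 636 : 389),
        // Assumption: an empty DN means the server gave no base (the LDAPv2 case).
        'base' => $base === '' ? null : $base,
    ];
}

// Separate referrals that can be searched from those that lack a base.
function plan_followups(array $referrals): array
{
    $plan = ['search' => [], 'skipped' => []];
    foreach ($referrals as $url) {
        $ref = parse_referral($url);
        if ($ref === null || $ref['base'] === null) {
            $plan['skipped'][] = $url;   // searching here would use a wrong base
        } else {
            $plan['search'][] = $ref;
        }
    }
    return $plan;
}

$referrals = [
    'ldap://ldap.example.org/dc=example,dc=org',
    'ldap://ldap2.example.org:1389/ou=People,dc=example,dc=org??sub',
    'ldap://ldap3.example.org/',          // host only, no base DN
];
print_r(plan_followups($referrals));
```

The first two URLs end up under 'search' with their host, port and base; the third is listed under 'skipped' because it carries no base.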