RE: [PHP] LDAP Query

2006-05-18 Thread php 
For anyone interested: after some furhter troubleshooting, I found the error.  
The password I was passing was incorrect.  What I found interesting is that 
even though the password was incorrect, the bind function still worked.  I'm 
thinking that it logged me in as anonymous at that stage.

Our organization is migrating away from Novell E-directory to MS Active 
Directory.  I have a php class that allows me to run various queries on our 
e-directory ldap server which I am working to convert to AD.  However, I'm 
running into an error that i cannot figure out.  I have updated the base_dn to 
point tothe correct location (verified by a third party ldap browser).  Also 
added a username and password since our AD environment doesn't allow anonymous 
queries.  The error I get is 

Warning: ldap_search() [function.ldap-search]: Search: Operations error in 
/var/www/html/intranet/_php/class.ldap_test.php on line 149

On that line I have this line of code
$result = ldap_search($this-conn,$this-base_dn,$filter);

Where $this-conn evaluates to Resource id #3, $this-base_dn is the correct 
dn (ou=something,dc=domain,dc=domain_part_2) and $filter is cn=myusername

Can anyone shed some light on this?  Below is the entire method from the 
class.

   function connectldap($filter,$override=false) {
   //connect to the server
   $this-conn = ldap_connect($this-server);
   
   //if the connection failed, set the error message
   //and return false
   if(!$this-conn) {
   $this-errMsg[] = Unable to connect to server\n;
   return false;
   }
   //ldap_set_option($this-conn, LDAP_OPT_PROTOCOL_VERSION, 3);
   //bind the connection.  This function will perform an
   //anonymous query to get the full 
   $bind = @ldap_bind($this-conn,$this-ldap_user,$ldap_passwd);
   if(!$bind) {
   $this-errMsg[] =  Unable to bind to server\n;
   return false;
   }
   echo p$filter -  . $this-conn .  -  . $bind .  -  . 
 $this-base_dn 
. /p\n;
   //run the ldap query
   $result = ldap_search($this-conn,$this-base_dn,$filter);
   //if the search failed, then return false and set the error 
 message
   if(!$result) {
   $this-errMsg[] =  Search failed -  . 
 ldap_error($this-conn) . \n;
   return false;
   }
   //get the entries and store them in a variable
   $info=ldap_get_entries($this-conn,$result);
   
   //if the number of entries reutnred is zero, then the user
   //could not be found in the ldap server
   if($info[count] == 0) {
   $this-errMsg[] =  User Unknown\n;
   return false;
   }
   //otherwise, if the number of entries found is greater than 1, 
 then
   //more than one object was found.
   elseif($info[count]1  !$override) {
   $this-errMsg[] =  There was more than one user 
 found\n;
   return false;
   }
   else {
   return $info;
   }
   }

Thank you,
Robbert van Andel

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: PHP LDAP query - need to add Exchange fields

2003-12-22 Thread Phil Dowson 
Ben,

I was trying the same thing, but I am not sure you are using the same 
setup as me. My office runs a windows 2000 domain with a Exchange server 
2000 box. All profile information is stored in the windows 2000 domain 
controller, and the exchange server accesses the information from there. 
So it doesnt use its own LDAP. And to make it all the more interesting, 
this script is running on our Intranet, on a FreeBSD 5 box with the 
OpenLDAP client.

The following script will bring back all the fields available in LDAP, 
as long as they are filled out. In this script you need to have a valid 
DOMAIN_USER and a valid DOMAIN_PASS. There are ways to do this 
anonymously, you just need to change the $ldap_bind line to remove the 
$ldaprdn and $ldappass.

To change the search criteria, you can change the $filter variable, at 
the moment it filters on the domain user's userid, or samaccountname.

At the bottom of this post, I have included search results based on my 
user, I have removed everything except the fields you might want.

?
$ldapuser = DOMAIN_USER;
$ldappass = DOMAIN_PASS;
$ldaprdn  = 'DOMAIN\\'.$ldapuser;
$ldapconn = @ldap_connect(dns.domain.com, 3268);
@ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
@ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
if ($ldapconn) {
$ldapbind = @ldap_bind($ldapconn, $ldaprdn, $ldappass);
}
$base_dn = DC=dns,DC=domain,DC=com;
$filter=samaccountname=$ldapuser;
$read = ldap_search($ldapconn, $base_dn, $filter);
$info = ldap_get_entries($ldapconn, $read);
$ii=0;
for ($i=0; $ii$info[$i][count]; $ii++){
$data = $info[$i][$ii];
echo $data.:nbsp;nbsp;.$info[$i][$data][0].br;
}
?
Hope it helps

Phil Dowson

Ben Crothers wrote:
Hoping this is an easy question to answer, apologise upfront if this is so
basic, but just been put in charge of a PHP app with LDAP interface to M$
Exchange, and trying to figure out how it works.
At the moment it works fine and extracts fields like first- and surname,
title, department, etc. I need to add the 'office' field, and added it at
the end of this filter line:
---
 $filter =
(|(sn=$search[$i]*)(givenname=$search[$i]*)(title=$search[$i]*)(department=
$search[$i]*)(office=$search[$i]*));

...but so far it's not working. I *know* there's data in the 'office'
field -- any ideas as to what I'm missing?
Thanks a lot in advance,

Ben

---Field List---

homemdb:
manager:
memberof:
altrecipientbl:
publicdelegatesbl:
streetaddress:
info:
cn:
company:
c:
department:
description:
displayname:
mail:
facsimiletelephonenumber:
givenname:
initials:
instancetype:
legacyexchangedn:
l:
distinguishedname:
objectcategory:
objectclass:
objectguid:
objectsid:
homephone:
mobile:
pager:
physicaldeliveryofficename:
postofficebox:
postalcode:
primarygroupid:
proxyaddresses:
name:
samaccountname:
samaccounttype:
showinaddressbook:
st:
sn:
telephonenumber:
co:
textencodedoraddress:
title:
useraccountcontrol:
userprincipalname:
usnchanged:
usncreated:
whenchanged:
whencreated:
wwwhomepage:
mailnickname:
msexchuseraccountcontrol:
deliverandredirect:
homemta:
msexchhomeservername:
msexchmailboxguid:
msexchmailboxsecuritydescriptor:
mdbusedefaults:
protocolsettings:

---Field List---

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php