The environment is a single server running Win Server 2008 R2 Standard with SP1 with Apache 2.2 and PHP 5.3.19.

I have a PHP script that attempts to do an LDAP bind to the Win Server 2008 R2 Active Directory and fails no matter what variations I try. I put in a lot of echos to see the results at each step, and I've discovered that ldap_connect ALWAYS connects. I can put total garbage in the URL and it never fails. The latest iteration of my PHP script does an anonymous bind, then does an ldap_search, which fails.

Here's the script (actual domain, user & pswd changed):

<?php

// Constant name must be a quoted string
define('LDAP_OPT_DIAGNOSTIC_MESSAGE', 0x0032);

ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
// $ad is not set yet at this point, so no error number or text is printed here
echo "<br>LDAP set debug level: " . ldap_errno($ad) . ' ' . ldap_error($ad);

$LDAPhost = 'ldap://myDomain.com';
$LDAPport = '3268';
$ad = ldap_connect($LDAPhost, $LDAPport);
echo "<br>LDAP connect to $LDAPhost: " . ldap_errno($ad) . ' ' . ldap_error($ad);

if ($ad) {

    ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3);
    echo "<br>LDAP set protocol to version 3: " . ldap_errno($ad) . ' ' . ldap_error($ad);

    ldap_set_option($ad, LDAP_OPT_REFERRALS, 0);
    echo "<br>LDAP set referrals to 0: " . ldap_errno($ad) . ' ' . ldap_error($ad);

    // Anonymous bind (no DN, no password)
    $bind = ldap_bind($ad);
    echo "<br>LDAP bind: " . ldap_errno($ad) . ' ' . ldap_error($ad);

    $baseDN = 'CN=Users,DC=myDomain,DC=com';
    $filter = '(objectClass=*)';
    $search = ldap_search($ad, $baseDN, $filter);
    echo "<br>LDAP search $baseDN $filter: " . ldap_errno($ad) . ' ' . ldap_error($ad);

    if ($rec = ldap_get_entries($ad, $search)) {
        echo "<br>LDAP get entries: " . ldap_errno($ad) . ' ' . ldap_error($ad);

        // Index each entry with $i; nested array values need concatenation, not plain interpolation
        for ($i = 0; $i < $rec["count"]; $i++) {

            echo "<br>" . $rec[$i]['uid'][0];
            echo "<br>" . $rec[$i]['givenname'][0];

        }

    } else {
        echo '<br>Record not found.';
    }

    ldap_close($ad);
} else {
    echo '<br><br>Could not connect.';
}
?>

The displayed results are:

LDAP set debug level:
LDAP connect to ldap://myDomain.com: 0 Success
LDAP set protocol to version 3: 0 Success
LDAP set referrals to 0: 0 Success
LDAP bind: 0 Success
LDAP search CN=Users,DC=myDomain,DC=com (objectClass=*): 1 Operations error
Record not found.

I would love to know exactly what to put as the base DN, i.e. what is ldap_bind comparing these values to? Something in Active Directory? Something in the registry? Something else?

Searching for this stuff turns up lots of examples, but none that work for me. Any ideas?

--
Peter Dow
Dow Software Services, Inc.
909 793-9050
petercdow@xxxxxxxxx
pdow@xxxxxxxxxxxxxx
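
Added example, not part of the original post: one way to get past the two symptoms described above, given that ldap_connect() on OpenLDAP-based builds only prepares a handle and Active Directory by default refuses searches on an anonymous bind. It reads the base DN from the rootDSE and binds with credentials over StartTLS; the port, the account name and the LDAP_BIND_PW environment variable are assumptions.

```php
<?php
// Added example, not the poster's code. Host, port, account and the
// LDAP_BIND_PW environment variable are placeholders/assumptions.
$host = 'ldap://myDomain.com';        // placeholder domain from the post
$port = 389;                          // assumed: standard LDAP port (the post used 3268)
$user = 'lookup@myDomain.com';        // hypothetical low-privilege account (UPN form)
$pass = getenv('LDAP_BIND_PW');       // keep the password out of the source file

function fail($ad, $step) {
    // 0x0032 is the option the post defines as LDAP_OPT_DIAGNOSTIC_MESSAGE;
    // it carries the server's own explanation of the error.
    $detail = '';
    ldap_get_option($ad, 0x0032, $detail);
    exit("$step failed: " . ldap_errno($ad) . ' ' . ldap_error($ad) . " [$detail]\n");
}

// With OpenLDAP-based builds this only prepares a handle; no packet is sent,
// which is why a garbage URL still "connects".
$ad = ldap_connect($host, $port);
if (!$ad) exit("bad LDAP URL syntax\n");
ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ad, LDAP_OPT_REFERRALS, 0);

// First real network traffic. A simple bind over plain ldap:// sends the
// password in cleartext, so upgrade to TLS before binding.
if (!@ldap_start_tls($ad)) fail($ad, 'StartTLS');

// The rootDSE (empty base DN, base scope) is readable without credentials
// and names the domain's base DN in defaultNamingContext.
$root = @ldap_read($ad, '', '(objectClass=*)', array('defaultNamingContext'));
if (!$root) fail($ad, 'rootDSE read');
$dse = ldap_get_entries($ad, $root);
$baseDN = $dse[0]['defaultnamingcontext'][0];

// An empty password turns ldap_bind() into an anonymous bind that reports
// success, so reject it before calling the server.
if ($pass === false || $pass === '') exit("no bind password supplied\n");
if (!@ldap_bind($ad, $user, $pass)) fail($ad, 'bind');

$attrs = array('samaccountname', 'givenname');
$search = @ldap_search($ad, "CN=Users,$baseDN", '(objectClass=user)', $attrs);
if (!$search) fail($ad, 'search');

$rec = ldap_get_entries($ad, $search);
for ($i = 0; $i < $rec['count']; $i++) {
    $given = isset($rec[$i]['givenname'][0]) ? $rec[$i]['givenname'][0] : '';
    echo htmlspecialchars($rec[$i]['samaccountname'][0] . ' ' . $given) . "<br>\n";
}
ldap_close($ad);
```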

