On Sep 13, 2005, at 4:17 AM, Mark Rees wrote:
I've looked through php.net and scoured Google for a solution to an
issue I'm having with PHP and LDAP but have so far found nothing. I'm
trying to build an intranet site that uses the company LDAP (Active
Directory really) service but I can't seem to get around the
"Operations error" and other such messages when trying to bind.
On my server I'm running:
Fedora Core 4
Apache 2
PHP 5 compiled with OpenLDAP
I have this working with PHP5, Apache2 and Windows 2000
I must confess that I'm very new to LDAP so it is likely that my
problem is inexperience, but it seems that this issue has been
resolved by others so I'm trying to figure out what I'm doing wrong.
Same here!
To shed more light on the topic, bug #30670 [ http://bugs.php.net/bug.php?id=30670&edit=0 ]
seems to fit my situation perfectly. As
some of the posts on that bug suggest, I've tried using
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION,3);
ldap_set_option($ldap, LDAP_OPT_REFERRALS,0);
between ldap_connect and ldap_bind but I still get the "Operations
error" message. Everyone seems to be able to get this to work as long
as they are running PHP4, but I have yet to see (or realize I've
seen) a solution from someone using PHP5. I've also found where
"blizzards at libero dot it" has posted "When querying a windows
2000/2003 AD you MUST use only SASL and not TLS (non supported)."
- Is this true?
Are you doing an anonymous bind? If you are supplying login credentials, be
sure that you are supplying them correctly. This was the problem I had. If
this doesn't help, how about supplying some code?
I found this to be a very useful resource
http://www.computerperformance.co.uk/Logon/LDAP_attributes_active_directory.htm
Another thing worth mentioning here is that the company I work for
has allowed us to build our own intranet system for our Dept and
offers little to no support for server specs and settings, but I will
try to get any information to the list that might be helpful.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Mark:
First off, thanks for the quick response! You asked if I am using an
anonymous bind or if my credentials are being passed correctly. I've
been trying anonymous right now as I'm only testing at this point and
wanted read only access. But, I have tried passing credentials as
well to see if our admin just doesn't allow anonymous binds. Of
course I could be doing this wrong, but I couldn't be sure. What did
you mean by 'be sure you are supplying them correctly'? I assumed
that the following would be fine:
<?php
$ds = ldap_connect('ad.server.com');
$lb = ldap_bind($ds, 'username', 'password');
// At this point the bind looks successful
// so we'll try a query
$res = ldap_search($ds, 'o=My Company,c=US','sn=S*');
// Now it will output the 'Operations error' message
// Could this happen if I specify directory entries that don't exist?
...
?>
As far as code examples go, I'm simply copying and pasting multiple
examples from multiple message threads that say something like
"Fixed" or "Got it" - as well as the examples from php.net.
So since you've got it working with PHP5 can you verify that SASL is/is not
needed to communicate to an AD 2003 server from Linux? I keep
leaning towards the possibility that I need that, but can't seem to
find any way to tell for sure since the ldap_sasl_bind() function
isn't documented yet.
Thanks again!
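An added example, not part of the original thread and not code from any poster: the connect / set-option / bind / search sequence discussed above, with every return value checked so that a failed or unauthenticated bind is reported at the bind step instead of surfacing later on the search. The host, bind identity, base DN, the LDAP_BIND_PW environment variable and the helper name report_and_exit are assumptions made for illustration.

```php
<?php
// Added example. Host, bind identity and base DN are placeholders (assumptions).
$host   = 'ldap://ad.example.com';
$bindAs = 'svc-intranet@example.com';
$pass   = getenv('LDAP_BIND_PW') ?: '';   // keep the secret out of the source file
$baseDn = 'dc=example,dc=com';
$filter = '(sn=S*)';                      // the filter from the post, parenthesized

// Hypothetical helper: print the directory's error for the failed step, then stop.
function report_and_exit($ds, string $step): void
{
    // ldap_errno()/ldap_error() describe the last operation on this handle.
    fprintf(STDERR, "%s failed: [%d] %s\n", $step, ldap_errno($ds), ldap_error($ds));
    ldap_unbind($ds);
    exit(1);
}

// With OpenLDAP, ldap_connect() only checks its argument and allocates a handle.
// No network connection is opened until the first operation (here, the bind).
$ds = ldap_connect($host);
if ($ds === false) {
    fwrite(STDERR, "ldap_connect rejected the URI\n");
    exit(1);
}

// Both options have to be in place before the bind is sent.
if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) report_and_exit($ds, 'set protocol v3');
if (!ldap_set_option($ds, LDAP_OPT_REFERRALS, 0))        report_and_exit($ds, 'disable referrals');

// A simple bind with an empty password is an unauthenticated bind, which a
// server may accept as anonymous and report as success. Refuse it up front.
if ($pass === '') {
    fwrite(STDERR, "refusing to bind with an empty password\n");
    exit(1);
}

// A simple bind sends the password unencrypted unless the URI is ldaps://
// or ldap_start_tls() has succeeded on this handle first.
if (!@ldap_bind($ds, $bindAs, $pass)) report_and_exit($ds, 'bind');

// Request only the attributes that are needed.
$res = @ldap_search($ds, $baseDn, $filter, ['cn', 'sn']);
if ($res === false) report_and_exit($ds, 'search');

$entries = ldap_get_entries($ds, $res);
printf("%d entries under %s\n", $entries['count'], $baseDn);
ldap_unbind($ds);
```

Run it from the command line with LDAP_BIND_PW set; the first step that fails is named together with the server's own error text.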