Re: Re: PHP 5, LDAP/Active Directory: fixed

Mark,

Thanks for all the help! Turns out I was right when I said my problem may have been inexperience. Your suggestion of "DC=domain,DC=com" worked and everything is functioning great! Thanks again!


On Sep 14, 2005, at 4:35 AM, Mark Rees wrote:

On my server I'm running:
Fedora Core 4
Apache 2
PHP 5 compiled with OpenLDAP



To shed more light on the topic, bug #30670 [ http://bugs.php.net/bug.php?id=30670&edit=0 ]
seems to fit my situation perfectly. As
some of the posts on that bug suggest, I've tried using
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION,3);
ldap_set_option($ldap, LDAP_OPT_REFERRALS,0);
between ldap_connect and ldap_bind but I still get the "Operations
error" message. Everyone seems to be able to get this to work as long
as they are running PHP4, but I have yet to see (or realize I've
seen) a solution from someone using PHP5. I've also found where
"blizzards at libero dot it" has posted "When querying a windows
2000/2003 AD you MUST use only SASL and not TLS (non supported)."
- Is this true?

<?php
$ds = ldap_connect('ad.server.com');


make sure this is working by doing this:

if($ds){



$lb = ldap_bind($ds, 'username', 'password');


 then this:
 echo "Bind result is " . $lb . "<br />";

(should show 1)


// At this point the bind looks successful
// so we'll try a query

$res = ldap_search($ds, 'o=My Company,c=US','sn=S*');


Are you certain that this is the correct distinguished name? This is the bit
I struggled with. It will be the name at the very top of your active
directory (or the bit you are trying to search). To find this, I went onto the windows box in question, and opened the "active directory users and computers". The top level entry, which the Groups and Users are directly beneath, is what you are looking for. In my case, it was mydomain.com, so my
distinguished name looked like this:
"DC=mycompany, DC=com"

If I tried anything else here, it gave me an "operations error"


So since you've got it working with PHP5 can you verify that SASL is/is not
needed to communicate to an AD 2003 server from linux? I keep
leaning towards the possibility that I need that, but can't seem to
find any way to tell for sure since the ldap_sasl_bind()  function
isn't documented yet.



No, I'm using windows 200, can't help with that I'm afraid

Good luck

Mark

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
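
The fix discussed in this thread (protocol version 3 and referrals off before the bind, then a search rooted at the domain's "DC=...,DC=..." name) put together as one script. This is an added example, not code from either poster; the host, domain, credentials and the two function names are placeholder assumptions.

```php
<?php
// Added illustration, not code from the thread. Host, domain and
// credentials are placeholders; both function names are hypothetical.

// "mydomain.com" -> "DC=mydomain,DC=com" (the directory's top-level DN).
function domain_to_base_dn($domain)
{
    $parts = array();
    foreach (explode('.', trim($domain, '.')) as $label) {
        $parts[] = 'DC=' . $label;
    }
    return implode(',', $parts);
}

function ad_search($host, $domain, $user, $password, $filter)
{
    // An empty password turns a simple bind into an anonymous bind that
    // the server may accept, so reject it before talking to the directory.
    if ($user === '' || $password === '') {
        throw new Exception('Empty bind credentials refused');
    }
    // With OpenLDAP, ldap_connect() only prepares the handle; the
    // connection is actually opened by ldap_bind().
    $ds = ldap_connect($host);
    if (!$ds) {
        throw new Exception('ldap_connect failed');
    }
    // Set both options between connect and bind, as the thread describes.
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    // Note: a simple bind without LDAPS/StartTLS sends the password in clear.
    if (!@ldap_bind($ds, $user, $password)) {
        throw new Exception('Bind failed: ' . ldap_error($ds));
    }
    // The thread reports "Operations error" here when the base DN is wrong.
    $res = @ldap_search($ds, domain_to_base_dn($domain), $filter, array('cn', 'sn'));
    if (!$res) {
        throw new Exception('Search failed: ' . ldap_error($ds));
    }
    $entries = ldap_get_entries($ds, $res);
    ldap_unbind($ds);
    return $entries;
}

try {
    $entries = ad_search('ad.server.com', 'mydomain.com', 'username', 'password', '(sn=S*)');
    echo $entries['count'] . " entries found\n";
} catch (Exception $e) {
    echo $e->getMessage() . "\n";
}
```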


