Mark,
Thanks for all the help! Turns out I was right when I said my problem
may have been inexperience. Your suggestion of "DC=domain,DC=com"
worked and everything is functioning great! Thanks again!
On Sep 14, 2005, at 4:35 AM, Mark Rees wrote:
On my server I'm running:
Fedora Core 4
Apache 2
PHP 5 compiled with OpenLDAP
To shed more light on the topic, bug #30670 [ http://bugs.php.net/
bug.php?id=30670&edit=0 ] seems to fit my situation perfectly. As
some of the posts on that bug suggest, I've tried using
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION,3);
ldap_set_option($ldap, LDAP_OPT_REFERRALS,0);
between ldap_connect and ldap_bind but I still get the "Operations
error" message. Everyone seems to be able to get this to work as
long
as they are running PHP4, but I have yet to see (or realize I've
seen) a solution from someone using PHP5. I've also found where
"blizzards at libero dot it" has posted "When querying a windows
2000/2003 AD you MUST use only SASL and not TLS (non supported)."
- Is this true?
<?php
$ds = ldap_connect('ad.server.com');
make sure this is working by doing this:
if($ds){
$lb = ldap_bind($ds, 'username', 'password');
then this:
echo "Bind result is " . $lb . "<br />";
(should show 1)
// At this point the bind looks successful
// so we'll try a query
$res = ldap_search($ds, 'o=My Company,c=US','sn=S*');
Are you certain that this is the correct distinguished name? This
is the bit
I struggled with. It will be the name at the very top of your active
directory (or the bit you are trying to search). To find this, I
went onto
the windows box in question, and opened the "active directory users
and
computers". The top level entry, which the Groups and Users are
directly
beneath, is what you are looking for. In my case, it was
mydomain.com, so my
distinguished name looked like this:
"DC=mycompany, DC=com"
If I tried anything else here, it gave me an "operations error"
So since you've got it working with PHP5 can you verify that SASL is/
is not needed to communicate to an AD 2003 server from linux? I keep
leaning towards the possibility that I need that, but can't seem to
find any way to tell for sure since the ldap_sasl_bind() function
isn't documented yet.
No, I'm using windows 200, can't help with that I'm afraid
Good luck
Mark
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
