Using PHP LDAP functions: problem with filters

Posted on 2006-04-07
Last Modified: 2008-02-26
I'm using php's ldap functions to authenticate users against an Open LDAP directory.

This filter: $filter = "cn=" .$userid.;
works fine - ($userid) comes via POST from a form.

So does this: $filter = "(&(|(cn=ISS*)(cn=ITS*))(cn=" .$userid."))";

So I'm pretty confident I can combine (AND/OR) arguments to the filter, and hard-code different forms of 'acceptable' usernames.

However, I want to limit the search to specific OU's. I'm trying to do this inside the filter, but as soon as I do even this:
$filter = "(&(ou=*)(cn=" .$userid."))";

it breaks. Am I trying to set 'acceptable' ou's in the wrong place, or something?

How do I specify acceptable containers?

Question by:mark_l_sanders
    LVL 9

    Accepted Solution

    I've never tried to filter using ou's.  I usually specify what container to look in when I run the ldap_search.

    $sr=ldap_search($ds, "ou=container,o=company", $search_string );

    LVL 8

    Expert Comment

    LDAP queries work based on object attributes, and while an object may be under an ou, it's not likely to have that ou as an attribute. Instead, do as LinuxNubb suggests and set the desired ou as a base DN for your search.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    Suggested Solutions

    The Client Need Led Us to RSS I recently had an investment company ask me how they might notify their constituents about their newsworthy publications.  Probably you would think "Facebook" or "Twitter" but this is an interesting client.  Their cons…
    Both Easy and Powerful How easy is PHP? (  Very easy.  It has been described as "a programming language even my grandmother can use." How powerful is PHP?  http://en.wikiped…
    Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
    The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    8 Experts available now in Live!

    Get 1:1 Help Now