Using PHP LDAP functions: problem with filters

I'm using php's ldap functions to authenticate users against an Open LDAP directory.

This filter: $filter = "cn=" .$userid.;
works fine - ($userid) comes via POST from a form.

So does this: $filter = "(&(|(cn=ISS*)(cn=ITS*))(cn=" .$userid."))";

So I'm pretty confident I can combine (AND/OR) arguments to the filter, and hard-code different forms of 'acceptable' usernames.

However, I want to limit the search to specific OU's. I'm trying to do this inside the filter, but as soon as I do even this:
$filter = "(&(ou=*)(cn=" .$userid."))";

it breaks. Am I trying to set 'acceptable' ou's in the wrong place, or something?

How do I specify acceptable containers?

Who is Participating?
I've never tried to filter using ou's.  I usually specify what container to look in when I run the ldap_search.

$sr=ldap_search($ds, "ou=container,o=company", $search_string );

LDAP queries work based on object attributes, and while an object may be under an ou, it's not likely to have that ou as an attribute. Instead, do as LinuxNubb suggests and set the desired ou as a base DN for your search.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.