We help IT Professionals succeed at work.

PHP LDAP communication

deanmb
deanmb asked
on
Medium Priority
569 Views
Last Modified: 2013-12-13
I setup this script from php.net  And i know its connecting.   and i know its binding, but it wont search.  I was wondering is someone can tell me what may be wrong.  here is the resulting page


"

LDAP query test
Connecting ...connect result is Resource id #1
Binding ...LDAP bind successful...Bind result is 1
Searching for (sn=S* ...LDAP search failed...Search result is
Number of entries returned is
getting entries...
Data from items returned:

Closing connection

"

and the code will be below.
<?php
// basic sequence with LDAP is connect, bind, search, interpret search
// result, close connection
$uname = "cfusion";
$pass = "cfusion";
echo "<h3>LDAP query test</h3>";
echo "Connecting ...";
$ds=ldap_connect("dc01.ad.my_companies_domain.org");  // must be a valid LDAP server!
echo "connect result is " . $ds . "<br />";
$base_dn = "DC=ad, DC=chsnj, DC=org";
if ($ds) { 
    echo "Binding ..."; 
    $r=ldap_bind($ds, $uname, $pass);     // this is an "anonymous" bind, typically
	
	if ($r) {
        echo "LDAP bind successful...";
    } else {
        echo "LDAP bind failed...";
    }
                          
    echo "Bind result is " . $r . "<br />";
 
    echo "Searching for (sn=S*) ...";
    // Search surname entry
    $sr=ldap_search($ds, "OU=Users, OU=Officers, ".$basedn, "CN=Meyer");
		if ($sr) {
        echo "LDAP search successful...";
    } else {
        echo "LDAP search failed...";
    }  
    echo "Search result is " . $sr . "<br />";
 
    echo "Number of entires returned is " . ldap_count_entries($ds, $sr) . "<br />";
 
    echo "Getting entries ...<p>";
    $info = ldap_get_entries($ds, $sr);
    echo "Data for " . $info["count"] . " items returned:<p>";
 
    for ($i=0; $i<$info["count"]; $i++) {
        echo "dn is: " . $info[$i]["dn"] . "<br />";
        echo "first cn entry is: " . $info[$i]["cn"][0] . "<br />";
        echo "first email entry is: " . $info[$i]["mail"][0] . "<br /><hr />";
    }
 
    echo "Closing connection";
    ldap_close($ds);
 
} else {
    echo "<h4>Unable to connect to LDAP server</h4>";
}
?>

Open in new window

Comment
Watch Question

Top Expert 2007

Commented:
You might add ldap_error to your failed to get a clue why the search failed
echo "LDAP search failed..." . ldap_error($ds);

Open in new window

Author

Commented:
thanks for the quick response.  I tried that and it was causing a object error.

so i changed some lines to this

    echo "Searching for (sn=S*) ...";
    // Search surname entry
    $sr=ldap_search($ds, $basedn, '', "sn=S*");
      if ($sr) {
        echo "LDAP search successful...";
    } else {
        echo "LDAP search error: ".ldap_error($ds);
    }  


and now.  i still get the error as if its not working.  but i get a success message at the same time... the output is

LDAP search error: Success

thats this part

LDAP search error: ".ldap_error($ds);

so it's failing and the if statement sees that, and there is no search results, yet it thinks the search was successful... and i no with the 3000 employees someone has to have a surname that starts with S
Top Expert 2007

Commented:
There is still access control which might prevent the used ldap user from seeing those entries.

Author

Commented:
no this user is used to access ldap via coldfusion, but i use PHP so i'm trying to do it in php.
Top Expert 2007

Commented:
Try using an alternative ldap-browser and there use the sa,e credentials as in php and see if that ldap-browser does return a result. If not the permissions for the cf-user are not enought on the ldap-server.

Btw this is wrong:
$sr=ldap_search($ds, $basedn, '', "sn=S*");
should be
$sr=ldap_search($ds, $basedn, "sn=S*");
the 4th parameter must be an array

Author

Commented:
what do you mean a ldap-browser? you can';t just run this though a regular browser like firefox or msie?
Top Expert 2007
Commented:
No some software like http://www.jxplorer.org/

Author

Commented:
i thought you can run it in a regular browser.  Is there any way to run it in a regular browser? ColdFusion will run LDAP in a regular browser.

Explore More ContentExplore courses, solutions, and other research materials related to this topic.