Solved: PHP and AD


kratak, 07-Dec-2005, 06:43 AM #1
Hi,

I'm trying to use PHP to connect to AD; essentially, on the intranet I want the login page to authenticate through AD rather than going through our SQL Server database.

I'm running PHP 5.1.2 on Apache 2.0.55 and MS Server 2000.

I'm OK at binding to the server; it's just when I try to search that I get the following error.

Warning: ldap_search() [function.ldap-search]: Search: Operations error in c:\web\index2.php on line 25

Warning: ldap_get_entries(): supplied argument is not a valid ldap link resource in c:\web\index2.php on line 27
entries returned
<?php


$ad = ldap_connect("RPMAIL") or
die("Couldn't connect to AD!");
ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3);

$ldaprdn = 'user';
$ldappass = 'password';

$ldapbind = ldap_bind($ad, $ldaprdn, $ldappass);

if ($ldapbind) {
echo "LDAP bind successful...";
} else {
echo "LDAP bind failed...";
}


$dn = "o=My Company, c=US";
$filter="(|(sn=$person*)(givenname=$person*))";
$justthese = array("ou", "sn", "givenname", "mail");

$sr=ldap_search($ds, $dn, $filter, $justthese);

$info = ldap_get_entries($ds, $sr);

echo $info["count"]." entries returned\n";

?>

thanks
Gibble, 07-Dec-2005, 12:07 PM #2
The error you have to fix is the ldap_search() one. The ldap_get_entries() error is caused by its failure.

Well, you connect and store the resource as $ad, yet when you do the ldap_search you are trying to use the resource $ds... which I don't see you setting anywhere. Try using the $ad resource instead.
__________________
izme: You know...it's kind of nice to sit atop Civilized debate and look down below on all of the uncivilized master debating we are here...just out of the fight zone

Gibble: Now you know what it's like to be Canadian.
kratak, 08-Dec-2005, 08:06 AM #3
Hi

Thanks, I tried that and I get the same error.
Gibble, 08-Dec-2005, 09:24 AM #4
Well, you also don't set $person anywhere, and I think you should change your organization and country parameters in the following line to what they are in your Active Directory setup.

$dn = "o=My Company, c=US";
kratak, 09-Dec-2005, 06:05 AM #5
Hi,

I did some searching and found another example. I figured I'd go for the basics first. However, all I get in the display is "LDAP bind successful...". Do you know what the dc=com section is? I don't understand that bit. Is it something to do with base_dn?

<?php

$ad = ldap_connect("RPMAIL") or
die("Couldn't connect to AD!");
ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3);

$ldaprdn = 'user';
$ldappass = 'password';

$ldapbind = ldap_bind($ad, $ldaprdn, $ldappass);

if ($ldapbind) {
echo "LDAP bind successful...";
} else {
echo "LDAP bind failed...";
}

$dn = "dc=com";
$attributes = array("displayname", "l");
$filter = "(sn=M*)";


$result = ldap_search($ad, $dn, $filter, $attributes);

$entries = ldap_get_entries($ad, $result);

for ($i=0; $i<$entries["count"]; $i++)
{
    echo $entries[$i]["displayname"][0]."(".$entries[$i]["l"][0].")<br />";
}

ldap_unbind($ad);
?>
Gibble, 09-Dec-2005, 09:34 AM #6
Let's remove the base.

Change $dn to an empty string:
$dn = "";

Then check your ldap.conf file and make sure that no BASE is set. So if you see a line that looks similar to this, make sure it has a # at the beginning; if it doesn't, add it.
#BASE dc=example, dc=com
kratak, 12-Dec-2005, 05:22 AM #7
Hi

Just want to say thank you for all of your help. I've got it working by setting the base to local and not com.

thanks again,
Kev

I do have another little query now. (Sorry to keep asking questions.) I was curious why, when trying to bind to AD, it uses the display name rather than the NT login username. Also, is it possible to use the NT login rather than the display name?

Last edited by kratak : 12-Dec-2005 09:10 AM.
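
On the closing question about binding with the NT login instead of the display name, here is an added example (not part of the original thread and not any poster's code) of an intranet login check that binds with the login@domain form, refuses empty passwords, and escapes the search filter. The helper name ad_login, the domain example.local, its base DN, and StartTLS being available on the domain controller are assumptions; ldap_escape() requires a newer PHP than the 5.1.2 mentioned in the thread.

```php
<?php
// Added example, not from the thread. "RPMAIL" is the thread's host; the
// domain and base DN below are assumed placeholders.
const AD_HOST    = 'RPMAIL';
const AD_DOMAIN  = 'example.local';
const AD_BASE_DN = 'dc=example,dc=local';

// Hypothetical helper: returns the display name on success, false otherwise.
function ad_login($ntLogin, $password)
{
    // ldap_bind() with an empty password is an unauthenticated bind and can
    // "succeed" without proving identity, so reject it up front.
    if ($password === '') {
        return false;
    }
    // Allow only logon-name characters so the value cannot smuggle another
    // domain suffix or DN syntax into the bind identity.
    if (!preg_match('/^[A-Za-z0-9._-]{1,64}$/', $ntLogin)) {
        return false;
    }
    $ad = ldap_connect(AD_HOST);
    if (!$ad) {
        return false;
    }
    ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3);
    // Referral chasing is a commonly reported cause of "Operations error"
    // when searching AD from the domain root.
    ldap_set_option($ad, LDAP_OPT_REFERRALS, 0);

    // Encrypt the session before the password is sent, then bind with the
    // userPrincipalName form (login@domain) instead of the display name.
    if (!@ldap_start_tls($ad) ||
        !@ldap_bind($ad, $ntLogin . '@' . AD_DOMAIN, $password)) {
        return false;
    }

    // Escape the value for filter context (ldap_escape() needs PHP >= 5.6).
    $filter = '(sAMAccountName=' . ldap_escape($ntLogin, '', LDAP_ESCAPE_FILTER) . ')';
    $result = ldap_search($ad, AD_BASE_DN, $filter, array('displayname'));
    $entries = $result ? ldap_get_entries($ad, $result) : array('count' => 0);
    ldap_unbind($ad);

    if ($entries['count'] !== 1) {
        return false;
    }
    return isset($entries[0]['displayname'][0])
        ? $entries[0]['displayname'][0] : $ntLogin;
}
```

The login page would call ad_login() with the submitted form values and treat any false result the same way, without revealing whether the name or the password was wrong.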