Posted by Joe Wollard on 09/13/05 19:06
On Sep 13, 2005, at 4:17 AM, Mark Rees wrote:
>> I've looked through php.net and scoured Google for a solution to an
>> issue I'm having with PHP and LDAP but have so far found nothing. I'm
>> trying to build an intranet site that uses the company LDAP (Active
>> Directory really) service but I can't seem to get around the
>> "Operations error" and other such messages when trying to bind.
>>
>> On my server I'm running:
>> Fedora Core 4
>> Apache 2
>> PHP 5 compiled with OpenLDAP
>>
>
> I have this working with PHP5, Apache2 and Windows 2000
>
>
>>
>> I must confess that I'm very new to LDAP so it is likely that my
>> problem is inexperience, but it seems that this issue has been
>> resolved by others so I'm trying to figure out what I'm doing wrong.
>>
>
> Same here!
>
>
>>
>> To shed more light on the topic, bug #30670
>> [ http://bugs.php.net/bug.php?id=30670&edit=0 ] seems to fit my situation perfectly. As
>> some of the posts on that bug suggest, I've tried using
>> ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION,3);
>> ldap_set_option($ldap, LDAP_OPT_REFERRALS,0);
>> between ldap_connect and ldap_bind but I still get the "Operations
>> error" message. Everyone seems to be able to get this to work as long
>> as they are running PHP4, but I have yet to see (or realize I've
>> seen) a solution from someone using PHP5. I've also found where
>> "blizzards at libero dot it" has posted "When querying a windows
>> 2000/2003 AD you MUST use only SASL and not TLS (non supported)."
>> - Is this true?
>>
>
> Are you doing an anonymous bind? If you are supplying login credentials, be
> sure that you are supplying them correctly. This was the problem I had. If
> this doesn't help, how about supplying some code?
> I found this to be a very useful resource:
> http://www.computerperformance.co.uk/Logon/LDAP_attributes_active_directory.htm
>
>>
>> Another thing worth mentioning here is that the company I work for
>> has allowed us to build our own intranet system for our Dept and
>> offers little to no support for server specs and settings, but I will
>> try to get any information to the list that might be helpful.
>>
>
Mark:
First off, thanks for the quick response! You asked if I am using an
anonymous bind or if my credentials are being passed correctly. I've
been trying anonymous right now as I'm only testing at this point and
wanted read only access. But, I have tried passing credentials as
well to see if our admin just doesn't allow anonymous binds. Of
course I could be doing this wrong, but I couldn't be sure. What did
you mean by 'be sure you are supplying them correctly'? I assumed
that the following would be fine:
<?php
$ds = ldap_connect('ad.server.com');
$lb = ldap_bind($ds, 'username', 'password');
// At this point the bind looks successful
// so we'll try a query
$res = ldap_search($ds, 'o=My Company,c=US','sn=S*');
// Now it will output the 'Operations error' message
// Could this happen if I specify directory entries that don't exist?
// ...
?>
As far as code examples go, I'm simply copying and pasting multiple
examples from multiple message threads that say something like
"Fixed" or "Got it" - as well as the examples from php.net.
So since you've got it working with PHP5 can you verify that SASL
is/is not needed to communicate to an AD 2003 server from Linux? I keep
leaning towards the possibility that I need that, but can't seem to
find any way to tell for sure since the ldap_sasl_bind() function
isn't documented yet.
Thanks again!
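
The bind-then-search sequence discussed in this thread, written with a check after every call so the failing step and the server's error text are visible; this is an added example, not part of the original post. The host, bind account, LDAP_BIND_PW environment variable and base DN are placeholders, and the ad_search() helper is hypothetical.

```php
<?php
// Added example; host, base DN and account names are placeholders.
function ad_search($host, $bindUser, $bindPass, $baseDn, $filter)
{
    // An empty password turns a simple bind into an anonymous/unauthenticated
    // bind that the server may accept, so refuse it before sending anything.
    if ($bindUser === '' || $bindPass === '') {
        throw new InvalidArgumentException('empty bind name or password');
    }

    // With OpenLDAP client libraries this only prepares the handle; no
    // network connection is made until the bind.
    $ds = ldap_connect($host);
    if ($ds === false) {
        throw new RuntimeException("bad LDAP host/URI: $host");
    }

    // The two options named in the thread, set between connect and bind.
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

    if (!@ldap_bind($ds, $bindUser, $bindPass)) {
        $msg = sprintf('bind failed (%d): %s', ldap_errno($ds), ldap_error($ds));
        ldap_unbind($ds);
        throw new RuntimeException($msg);
    }

    $res = @ldap_search($ds, $baseDn, $filter, array('cn', 'sn', 'mail'));
    if ($res === false) {
        $msg = sprintf('search failed (%d): %s', ldap_errno($ds), ldap_error($ds));
        ldap_unbind($ds);
        throw new RuntimeException($msg);
    }

    $entries = ldap_get_entries($ds, $res);
    ldap_unbind($ds);
    return $entries;
}

// Placeholder values: AD naming contexts are normally built from DC=
// components, and AD accepts user@domain as the simple-bind name.
try {
    $entries = ad_search('ad.example.com', 'svc-intranet@example.com',
                         getenv('LDAP_BIND_PW') ?: '', 'dc=example,dc=com', '(sn=S*)');
    echo $entries['count'], " entries\n";
} catch (Exception $e) {
    echo $e->getMessage(), "\n";
}
```

Because ldap_connect() does not contact the server and a bind with an empty password is treated as an anonymous or unauthenticated bind, both calls can appear to succeed while the following search is refused. A simple bind sends the password unencrypted unless the connection is protected (ldaps:// or StartTLS).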