You are here: Re: [PHP] Re: PHP 5, LDAP/Active Directory « PHP « IT news, forums, messages
Re: [PHP] Re: PHP 5, LDAP/Active Directory

Posted by "Mark Rees" on 09/14/05 11:35

> >> On my server I'm running:
> >> Fedora Core 4
> >> Apache 2
> >> PHP 5 compiled with OpenLDAP

> >> To shed more light on the topic, bug #30670 [ http://bugs.php.net/
> >> bug.php?id=30670&edit=0 ] seems to fit my situation perfectly. As
> >> some of the posts on that bug suggest, I've tried using
> >> ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION,3);
> >> ldap_set_option($ldap, LDAP_OPT_REFERRALS,0);
> >> between ldap_connect and ldap_bind but I still get the "Operations
> >> error" message. Everyone seems to be able to get this to work as long
> >> as they are running PHP4, but I have yet to see (or realize I've
> >> seen) a solution from someone using PHP5. I've also found where
> >> "blizzards at libero dot it" has posted "When querying a windows
> >> 2000/2003 AD you MUST use only SASL and not TLS (non supported)."
> >> - Is this true?
> <?php
> $ds = ldap_connect('ad.server.com');

make sure this is working by doing this:

if($ds){


> $lb = ldap_bind($ds, 'username', 'password');

then this:
echo "Bind result is " . $lb . "<br />";

(should show 1)

> // At this point the bind looks successful
> // so we'll try a query
>
> $res = ldap_search($ds, 'o=My Company,c=US','sn=S*');

Are you certain that this is the correct distinguished name? This is the bit
I struggled with. It will be the name at the very top of your active
directory (or the bit you are trying to search). To find this, I went onto
the windows box in question, and opened the "active directory users and
computers". The top level entry, which the Groups and Users are directly
beneath, is what you are looking for. In my case, it was mydomain.com, so my
distinguished name looked like this:
"DC=mycompany, DC=com"

If I tried anything else here, it gave me an "operations error"

> So since you've got it working with PHP5 can you verify that SASL is/
> is not needed to communicate to an AD 2003 server from linux? I keep
> leaning towards the possibility that I need that, but can't seem to
> find any way to tell for sure since the ldap_sasl_bind() function
> isn't documented yet.


No, I'm using windows 200, can't help with that I'm afraid

Good luck

Mark

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация