You are here: Re: [PHP] Re: PHP 5, LDAP/Active Directory: fixed « PHP « IT news, forums, messages
Re: [PHP] Re: PHP 5, LDAP/Active Directory: fixed

Posted by Joe Wollard on 09/14/05 19:53

Mark,

Thanks for all the help! Turns out I was right when I said my problem
may have been inexperience. Your suggestion of "DC=domain,DC=com"
worked and everything is functioning great! Thanks again!


On Sep 14, 2005, at 4:35 AM, Mark Rees wrote:

>>>> On my server I'm running:
>>>> Fedora Core 4
>>>> Apache 2
>>>> PHP 5 compiled with OpenLDAP
>>>>
>
>
>>>> To shed more light on the topic, bug #30670 [ http://bugs.php.net/
>>>> bug.php?id=30670&edit=0 ] seems to fit my situation perfectly. As
>>>> some of the posts on that bug suggest, I've tried using
>>>> ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION,3);
>>>> ldap_set_option($ldap, LDAP_OPT_REFERRALS,0);
>>>> between ldap_connect and ldap_bind but I still get the "Operations
>>>> error" message. Everyone seems to be able to get this to work as
>>>> long
>>>> as they are running PHP4, but I have yet to see (or realize I've
>>>> seen) a solution from someone using PHP5. I've also found where
>>>> "blizzards at libero dot it" has posted "When querying a windows
>>>> 2000/2003 AD you MUST use only SASL and not TLS (non supported)."
>>>> - Is this true?
>>>>
>> <?php
>> $ds = ldap_connect('ad.server.com');
>>
>
> make sure this is working by doing this:
>
> if($ds){
>
>
>
>> $lb = ldap_bind($ds, 'username', 'password');
>>
>
> then this:
> echo "Bind result is " . $lb . "<br />";
>
> (should show 1)
>
>
>> // At this point the bind looks successful
>> // so we'll try a query
>>
>> $res = ldap_search($ds, 'o=My Company,c=US','sn=S*');
>>
>
> Are you certain that this is the correct distinguished name? This
> is the bit
> I struggled with. It will be the name at the very top of your active
> directory (or the bit you are trying to search). To find this, I
> went onto
> the windows box in question, and opened the "active directory users
> and
> computers". The top level entry, which the Groups and Users are
> directly
> beneath, is what you are looking for. In my case, it was
> mydomain.com, so my
> distinguished name looked like this:
> "DC=mycompany, DC=com"
>
> If I tried anything else here, it gave me an "operations error"
>
>
>> So since you've got it working with PHP5 can you verify that SASL is/
>> is not needed to communicate to an AD 2003 server from linux? I keep
>> leaning towards the possibility that I need that, but can't seem to
>> find any way to tell for sure since the ldap_sasl_bind() function
>> isn't documented yet.
>>
>
>
> No, I'm using windows 200, can't help with that I'm afraid
>
> Good luck
>
> Mark
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация