|
Posted by Joe Wollard on 09/14/05 19:53
Mark,
Thanks for all the help! Turns out I was right when I said my problem
may have been inexperience. Your suggestion of "DC=domain,DC=com"
worked and everything is functioning great! Thanks again!
On Sep 14, 2005, at 4:35 AM, Mark Rees wrote:
>>>> On my server I'm running:
>>>> Fedora Core 4
>>>> Apache 2
>>>> PHP 5 compiled with OpenLDAP
>>>>
>
>
>>>> To shed more light on the topic, bug #30670 [ http://bugs.php.net/
>>>> bug.php?id=30670&edit=0 ] seems to fit my situation perfectly. As
>>>> some of the posts on that bug suggest, I've tried using
>>>> ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION,3);
>>>> ldap_set_option($ldap, LDAP_OPT_REFERRALS,0);
>>>> between ldap_connect and ldap_bind but I still get the "Operations
>>>> error" message. Everyone seems to be able to get this to work as
>>>> long
>>>> as they are running PHP4, but I have yet to see (or realize I've
>>>> seen) a solution from someone using PHP5. I've also found where
>>>> "blizzards at libero dot it" has posted "When querying a windows
>>>> 2000/2003 AD you MUST use only SASL and not TLS (non supported)."
>>>> - Is this true?
>>>>
>> <?php
>> $ds = ldap_connect('ad.server.com');
>>
>
> make sure this is working by doing this:
>
> if($ds){
>
>
>
>> $lb = ldap_bind($ds, 'username', 'password');
>>
>
> then this:
> echo "Bind result is " . $lb . "<br />";
>
> (should show 1)
>
>
>> // At this point the bind looks successful
>> // so we'll try a query
>>
>> $res = ldap_search($ds, 'o=My Company,c=US','sn=S*');
>>
>
> Are you certain that this is the correct distinguished name? This
> is the bit
> I struggled with. It will be the name at the very top of your active
> directory (or the bit you are trying to search). To find this, I
> went onto
> the windows box in question, and opened the "active directory users
> and
> computers". The top level entry, which the Groups and Users are
> directly
> beneath, is what you are looking for. In my case, it was
> mydomain.com, so my
> distinguished name looked like this:
> "DC=mycompany, DC=com"
>
> If I tried anything else here, it gave me an "operations error"
>
>
>> So since you've got it working with PHP5 can you verify that SASL is/
>> is not needed to communicate to an AD 2003 server from linux? I keep
>> leaning towards the possibility that I need that, but can't seem to
>> find any way to tell for sure since the ldap_sasl_bind() function
>> isn't documented yet.
>>
>
>
> No, I'm using windows 200, can't help with that I'm afraid
>
> Good luck
>
> Mark
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
Navigation:
[Reply to this message]
|