Posted by Bing Du on 11/22/05 20:02

Bing Du wrote:

> Hello,
>
> The following script returns 'LDAP bind failed...'.
>
> <?php
> echo "Connecting ...<br />";
>
> $ldaprdn = "jsmith\@dept.some.edu";
> $ldappass = "jsmithpass";
>
> $ds=ldap_connect("ad.dept.some.edu");
>
> if ($ds) {
> echo "Binding ...<br />";
> $r=ldap_bind($ds, $ldaprdn, $ldappass);
>
> if ($r) {
> echo "LDAP bind successful...<br />";
> } else {
> echo "LDAP bind failed...<br />";
> }
> } else {
> echo "LDAP connection failed...<br />";
> }
>
> ?>
>
> If I change $ldaprdn to be "CN=John
> Smith,OU=Users,OU=DEPT,DC=some,DC=edu", then bind returns 'LDAP bind
> successful...'.
>
> However AD supports username to be in jsmith@dept.some.edu format
> because querying from the command line works:
>
> % ldapsearch -h ad.dept.some.edu -s sub -b "dc=dept,dc=some,dc=edu" -x
> -D jsmith@dept.some.edu -W "samaccountname=jsmith"
>
> Our AD only allows authenicated bindings. We don't know user's DN
> before binding. So anybody know how to make PHP allow
> $ldaprdn="jsmith\@dept.some.edu"?
>
> Thanks in advance,
>
> Bing

Ok, I've figured it out again. Removing the '\' in
$ldaprdn="jsmith\@dept.some.edu' fixed the problem. I thought it should
be escaped. But looks like it's not necessary.

Bing

[Back to original message]