2
votes

I need to run a search against AD from PHP with LDAP, but I never have any success.

I'm filtering by sAMAccountName. When I use a user with a simple name (e.g. printer) everything is OK, but when the name is not simple (e.g. paulo.neves) it does not work.

Any ideas?


    $usuario = "paulo.neves";

    $base_dn = "ou=Administradores, dc=tiisa, dc=com, dc=br";

    $filter = "(&(objectClass=user)(objectCategory=person)(cn=*)(samaccountname=$usuario))";

    if (!($search=@ldap_search($connect, $base_dn, $filter))) {
        die("Unable to search ldap server");
    }

2
Do you get any errors? If so, which? - Bono
Is it possible that . is a reserved character for $filter and requires escaping? - Matt
Also, what do you define as "not simple"? Simple for you or the program? (as @Matt mentioned, could it be that if a username has a character like a . in it you/the program consider it not simple?) - Bono
I must use this "."; it is the default setting that all of the over 500 logins already have. I cannot change it. - Paulo Roberto Neves
I classify as simple a login with just one word, and the other as being composed. - Paulo Roberto Neves

2 Answers

0
votes

Attribute values are defined in RFC 4511. The octets that may be used in an attribute value are defined by the syntax of the attribute type in question. If the syntax of samAccountName allows dot (.) characters without a requirement that said characters be escaped, then they need not be escaped.

It is always possible that the native language may require a character to be escaped.

  • Use the ldapsearch command line tool to verify that the entries with dots in the cn value can be retrieved from the directory

  • Just for grins, escape the dot in the attribute value by using "\2e" instead of "." and see what happens.

  • Probably not related to your problem, but if every entry has a cn attribute, there is no need to use the present filter component cn=* in the search filter.

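An added example (not code from the question or the answers) of the escaping point discussed above: it applies the RFC 4515 filter-value escaping rules in plain PHP, so it runs without the LDAP extension, and shows that a dot passes through unchanged while `\2e` is only another spelling of the same character. The function names and the sample values are assumptions made for illustration; with ext-ldap loaded, the built-in `ldap_escape($value, '', LDAP_ESCAPE_FILTER)` does the same job as `escape_filter_value()`.

```php
<?php
// Added example. Function names and sample values are hypothetical.

// Escape a value for use inside an LDAP search filter (RFC 4515).
// Only NUL, "(", ")", "*" and "\" have to be written as \XX hex pairs;
// "." is an ordinary character and is left alone.
function escape_filter_value(string $value): string
{
    // strtr() with an array makes a single pass, so the backslashes it
    // inserts are never escaped a second time.
    return strtr($value, [
        '\\' => '\\5c',
        '*'  => '\\2a',
        '('  => '\\28',
        ')'  => '\\29',
        "\0" => '\\00',
    ]);
}

// Decode \XX pairs the way a directory server reads a filter value.
function unescape_filter_value(string $value): string
{
    return preg_replace_callback(
        '/\\\\([0-9a-fA-F]{2})/',
        fn(array $m): string => chr(hexdec($m[1])),
        $value
    );
}

// Same filter as in the question, with the account name escaped first.
function build_user_filter(string $samAccountName): string
{
    return '(&(objectClass=user)(objectCategory=person)(cn=*)(samaccountname='
        . escape_filter_value($samAccountName) . '))';
}

// Constructed sample values: two from the question, one with filter metacharacters.
foreach (['printer', 'paulo.neves', 'test(1)*'] as $name) {
    printf("%-12s => %s\n", $name, build_user_filter($name));
}

// "\2e" and "." decode to the same octet, so both filters match the same entries.
var_dump(unescape_filter_value('paulo\\2eneves') === 'paulo.neves');
```

Escaping every value before it is placed in the filter keeps characters such as `(`, `)` and `*` in a login name from changing the structure of the filter.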

0
votes

I'm willing to bet that . has to be escaped.