19
votes

I have a problem with ldap connection.

$hostname="ldap://sub.domain.com";
$ds=ldap_connect($hostname, 389);
ldap_set_option ($ds, LDAP_OPT_REFERRALS, 0) or die('Unable to set LDAP opt referrals');
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3) or die('Unable to set LDAP protocol version');

if ($ds)
{
    $dn = "OU=Users,OU=ro,DC=sub,DC=domain,DC=com";

    if (!($ldapc=ldap_bind($ds))) {
        echo "<p>Error:" . ldap_error($ds) . "</p>";
        echo "<p>Error number:" . ldap_errno($ds) . "</p>";
        echo "<p>Error:" . ldap_err2str(ldap_errno($ds)) . "</p>";
        die;
    }

    $attributes = array("sn");
    $filter = "(sn=*)";
    $result = ldap_search($ds, $dn, $filter, $attributes);

    echo $result;
    $info = ldap_get_entries($ds, $result);
    for ($i=0; $i < $info["count"]; $i++) {
        echo $info[$i]["ou"][0];
    }
} else {
    echo "<h4>Unable to connect to LDAP server</h4>";
}

ldap_unbind($ds);

The LDAP anonymous connection works because I tested it in an AD browser and everything is fine. In this code it stops at

ldap_search($ds, $dn, $filter, $attributes);

I receive the warning:

Warning: ldap_search(): Search: Operations error in ..\index.php on line 38

I don't really know what can be the cause of this error, I appreciate your help.

2
Didn't you get lost with variable scope? $dn (base dn for search) is defined one level below the ldap_search call. Try echoing (var_dump) the ldap search parameters just before calling search, to make sure everything is fine, or include an isset($dn) check. Or just define $dn unconditionally. - Piotr Wadas
The parameters are ok, I checked them right before the search call and that's ok. One problem that I think there may be: I'm on an intranet, I don't have administrator permissions, so I can't write in C:. I copied the xampp archive, I didn't install xampp on this machine. At first, even though I enabled the ldap extension in php.ini, it didn't work because I didn't have some files in C/windows/system. When I copied them everything works, I think. So, can the installation be a problem? - Dogaru Ionut
What about using a shell tool to check, or Apache DirectoryStudio (LDAP client GUI)? You don't need to be local admin to install/use it, on a Linux or Windows workstation, whatever. Try connecting to and querying the LDAP server with any tool other than PHP. - Piotr Wadas
I tested the server with ADexplorer and everything seems to be ok with the server. - Dogaru Ionut
Yes, you're right, the "ou" cannot be displayed, but anyway this was just a test to view some results; the execution did not reach that instruction. I found the problem, it was the bind problem. The server accepts the anonymous bind but not the search. And with a user and pass it worked, but I was making a mistake. For the user I considered just the Windows username, not the whole location from AD; now it works. Thanks for your help, I appreciate this. - Dogaru Ionut

2 Answers

24
votes

To get it off the unanswered list:


I found the problem, it was the bind problem. The server accepts the anonymous bind but not the search. And with a user and pass it worked, but I was making a mistake. For the user I considered just the Windows username, not the whole location from AD; now it works.

17
votes

Had this problem, but I was correctly bound with a user who was allowed to search.

I solved it by setting this option to work with Active Directory:

ldap_set_option($connection, LDAP_OPT_REFERRALS, 0);
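
An added example (not code from the question or from either answer) that combines the two fixes above: bind with the account's full DN and disable referral chasing before searching. The environment variable names `LDAP_BIND_DN` and `LDAP_BIND_PW` and the `fail()` helper are assumptions; StartTLS is added on the assumption that the server supports it, so the bind password does not cross port 389 in clear text.

```php
<?php
// Added example, not the original poster's code.
$uri    = "ldap://sub.domain.com";                    // host from the question
$baseDn = "OU=Users,OU=ro,DC=sub,DC=domain,DC=com";   // base DN from the question

// Assumed (hypothetical) variable names. The bind DN must be the full DN of the
// account, e.g. a constructed "CN=Some User,OU=Users,OU=ro,DC=sub,DC=domain,DC=com",
// not just the Windows logon name.
$bindDn = getenv("LDAP_BIND_DN");
$bindPw = getenv("LDAP_BIND_PW");

// Hypothetical helper: report the LDAP error for a failed step and stop.
function fail($ds, string $step): void {
    fwrite(STDERR, "$step failed: " . ldap_error($ds) . " (" . ldap_errno($ds) . ")\n");
    exit(1);
}

// A missing DN or an empty password turns ldap_bind() into an anonymous or
// unauthenticated bind, which can succeed and then fail at search time with
// "Operations error", as in the question. Refuse to continue in that case.
if (!$bindDn || !$bindPw) {
    fwrite(STDERR, "Refusing to bind without a DN and a non-empty password\n");
    exit(1);
}

$ds = ldap_connect($uri);
if ($ds === false) {
    fwrite(STDERR, "Invalid LDAP URI\n");
    exit(1);
}

// Both options must be set before binding.
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);   // do not chase AD referrals

if (!@ldap_start_tls($ds))                 fail($ds, "StartTLS");
if (!@ldap_bind($ds, $bindDn, $bindPw))    fail($ds, "Bind");

$result = @ldap_search($ds, $baseDn, "(sn=*)", ["sn"]);
if ($result === false)                     fail($ds, "Search");

// ldap_get_entries() lower-cases attribute names; read the attribute that was requested.
$entries = ldap_get_entries($ds, $result);
for ($i = 0; $i < $entries["count"]; $i++) {
    echo ($entries[$i]["sn"][0] ?? "(no sn)") . PHP_EOL;
}
ldap_unbind($ds);
```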