Friday, November 27, 2009

php, LDAP and the whole tree

After spending several hours trying to search the entire AD tree on Windows 2003, I finally found the solution. Copied directly from php.net:

allie at lsu dot edu
06-Mar-2007 10:23
I sure do wish there was some way I could get this information out to all programmers in the world about binding and searching MS AD. This is the second time I was bit by the "I need to search the entire tree" problem.

For php (and apache auth_ldap) you need to specify port 3268 when you want to search the entire tree. Otherwise it will spit out the partial results error.

ldap_connect($server,3268);

I'm just fortunate enough to have won this same battle with apache searching the whole directory. When I noticed our php application failing auths for users, I was immediately able to fix the problem by adding this port specification (and the ldap_set_option($ldapserver, LDAP_OPT_REFERRALS, 0) option).

I really hope this helps someone else before they pull all their hair out. I know I miss mine.
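
The two settings from the comment above, put together in a forest-wide user lookup. This is an added example, not code from the php.net comment or from this blog; the function name, the GC_* environment variables, and the host, base DN and bind account they carry are hypothetical placeholders.

```php
<?php
// Added example. All names and values passed in are placeholders (assumptions).

// Returns the DN of the single account matching $login, or null.
function gc_find_user_dn(string $gcHost, string $baseDn, string $bindDn,
                         string $bindPw, string $login): ?string
{
    // Port 3268 is the Global Catalog: one query covers every domain in the
    // forest. Port 389 only covers one domain and hands back referrals for
    // the rest, which is where the partial results error comes from.
    // 3268 is cleartext; the Global Catalog over TLS listens on 3269.
    $conn = ldap_connect("ldap://{$gcHost}:3268");
    if ($conn === false) {
        throw new RuntimeException('invalid LDAP URI');
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);      // do not chase referrals
    ldap_set_option($conn, LDAP_OPT_NETWORK_TIMEOUT, 5);

    if (!@ldap_bind($conn, $bindDn, $bindPw)) {
        throw new RuntimeException('bind failed: ' . ldap_error($conn));
    }

    // The login name comes from the user, so escape it before it goes into
    // the filter; otherwise "*" or ")(" in the name changes the query.
    $filter = sprintf('(&(objectCategory=person)(sAMAccountName=%s))',
                      ldap_escape($login, '', LDAP_ESCAPE_FILTER));

    // Size limit 2: enough to tell "exactly one" from "more than one".
    $result = @ldap_search($conn, $baseDn, $filter, ['dn'], 0, 2);
    if ($result === false) {
        throw new RuntimeException('search failed: ' . ldap_error($conn));
    }
    $entries = ldap_get_entries($conn, $result);
    ldap_unbind($conn);

    // sAMAccountName is unique per domain, not per forest: treat an
    // ambiguous match as "not found" instead of picking the first hit.
    return $entries['count'] === 1 ? $entries[0]['dn'] : null;
}

// Runs only when a directory is configured through the (hypothetical)
// GC_* environment variables; otherwise the file just defines the function.
if (getenv('GC_HOST')) {
    var_dump(gc_find_user_dn(getenv('GC_HOST'), getenv('GC_BASE_DN'),
        getenv('GC_BIND_DN'), getenv('GC_BIND_PW'), $argv[1] ?? ''));
}
```

The Global Catalog holds only a partial attribute set, so an attribute that is missing from the result has to be read from the user's own domain controller using the DN returned here.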