allie at lsu dot edu
I sure do wish there was some way I could get this information out to all programmers in the world about binding and searching MS AD. This is the second time I was bit by the "I need to search the entire tree" problem.
For php (and apache auth_ldap ) you need to specify port 3268 when you want to search the entire tree. Otherwise it will spit out the partial results error.
I'm just fortunate enough to have won this same battle with apache searching the whole directory. When I noticed our php application failing auth's for users, I was immediately able to fix the problem by adding this port specification (and the ldap_set_option($ldapserver, LDAP_OPT_REFERRALS, 0) option).
I really hope this helps someone else before they pull all their hair out. I know I miss mine.