Reputation: 3133
I am trying to search Active Directory to check whether the user exists. I am getting the following error message: 'Unable to search LDAP server'. What could be wrong? Please suggest.
<?php
// LDAP variables
$ldaphost = "servername"; // your ldap servers
$ldapport = 389; // your ldap server's port number
// Connecting to LDAP
$ldapconn = ldap_connect($ldaphost, $ldapport)
or die("Could not connect to $ldaphost");
$user = 'mylastname';
//search user in /Admin/IT/Users
$dn = "OU=Admin, OU=IT, OU=Users, DC=school, DC=edu";
$filter = "(sAMAccountName=" . $user . ")";
$attr = array("memberof");
$result = ldap_search($ldapconn , $dn, $filter, $attr) or exit("Unable to search LDAP server");
$entries = ldap_get_entries($ldapconn, $result);
echo $entries["count"]." entries returned\n";
?>
Upvotes: 1
Views: 3928
Reputation: 12131
If you are talking to an Active Directory server, you should always set the LDAP protocol version to 3 and turn off referral handling:
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
Also, a Distinguished Name should not have its parts space-delimited - reformat it as follows:
$dn = "OU=Admin,OU=IT,OU=Users,DC=school,DC=edu";
And lastly, if something goes wrong, always check what the LDAP server says!
$result = ldap_search($ldapconn, $dn, $filter, $attr) or exit("Unable to search LDAP server, response was: " . ldap_error($ldapconn));
Upvotes: 4
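The answer's three fixes combined into one script, with the filter value also passed through ldap_escape() so that a user name taken from input, rather than hard-coded, cannot change the filter's structure. This is an added example, not code from either post; the function names and the LDAP_URI, LDAP_BIND_DN and LDAP_BIND_PW environment variables are assumptions, and the bind step does not appear in the posts.

```php
<?php
// Added example; host, bind DN and password come from hypothetical environment variables.
// Escape the value for filter context so * ( ) \ and NUL cannot alter the filter.
function build_user_filter(string $user): string
{
    return "(sAMAccountName=" . ldap_escape($user, "", LDAP_ESCAPE_FILTER) . ")";
}

// Connect with the options the answer recommends for Active Directory.
function open_ad_connection(string $uri)
{
    $conn = ldap_connect($uri);
    if ($conn === false) {
        throw new RuntimeException("Could not connect to $uri");
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    return $conn;
}

// Return the number of matching entries, or fail with the server's own error text.
function count_user_entries($conn, string $dn, string $user): int
{
    $result = @ldap_search($conn, $dn, build_user_filter($user), array("memberof"));
    if ($result === false) {
        throw new RuntimeException("Unable to search LDAP server, response was: " . ldap_error($conn));
    }
    $entries = ldap_get_entries($conn, $result);
    return (int) $entries["count"];
}

// Constructed inputs: filter building runs without any server.
foreach (array("mylastname", "smith*", "o(brien)") as $sample) {
    echo $sample, " => ", build_user_filter($sample), "\n";
}

// The search itself runs only when LDAP_URI is set, e.g. ldap://servername:389.
$uri = getenv("LDAP_URI");
if ($uri !== false) {
    $conn = open_ad_connection($uri);
    // Assumption: the posts show no bind; credentials are used only if both are provided.
    $bindDn = getenv("LDAP_BIND_DN");
    $bindPw = getenv("LDAP_BIND_PW");
    if ($bindDn !== false && $bindPw !== false && !@ldap_bind($conn, $bindDn, $bindPw)) {
        exit("Bind failed, response was: " . ldap_error($conn) . "\n");
    }
    $dn = "OU=Admin,OU=IT,OU=Users,DC=school,DC=edu"; // no spaces between DN parts
    echo count_user_entries($conn, $dn, "mylastname"), " entries returned\n";
}
```

Run without LDAP_URI to see only the escaped filters; with it set, any failure reports the directory server's own error string instead of a generic message.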