Warning: ldap_search(): Search: Bad search filter

Question

I am trying to create a login page using PHP.

Goals:

1. The user is able to sign in using the same username/password he uses when logging into Windows
2. The user will be redirected to a page depending on the group he belongs to

So the 1st goal is solved. The problem now is the 2nd goal.

I get an error when I run the script:

Warning: ldap_search(): Search: Bad search filter

Script:

$ldap['user'] = "domain\user123";
$ldap['pass'] = "password123";
$ldap['host']   = 'site.domain.com';
$ldap['port']   = 389;
$ldap['dn'] = "DC=site, DC=domain, DC=com";
$ldap_user_group = "User";
$ldap_manager_group = "Admin";

$ldap['conn'] = ldap_connect( $ldap['host'], $ldap['port'] )
or die("Could not connect to {$ldap['host']}" );

$ldap['bind'] = ldap_bind($ldap['conn'], $ldap['user'], $ldap['pass']);

if( !$ldap['bind'] )
  {
    echo "Login Failed";
  }

else if( $ldap['bind'] )
  {
    $filter = "(sAMAccountName=" . $ldap['user'] . ")";
    $attr = array("memberof");
    $result = ldap_search($ldap['conn'],$ldap['dn'], $filter, $attr)
    or exit("Unable to search LDAP server");
    $entries = ldap_get_entries($ldap['conn'], $result);
    ldap_unbind($ldap);

    foreach($entries[0]['memberof'] as $grps) 
       {
         if (strpos($grps, $ldap_manager_group)) 
            { 
               //redirect to Admin page
            }

         if (strpos($grps, $ldap_user_group)) 
            { 
               //redirect to User page
            }
}

I'm really lost as I have no idea what must be causing this error.

Answer 1

You get a bad search filter as you are passing in a slash into the filter. You are using $ldap['user'] = "domain\user123"; in your filter here $filter = "(sAMAccountName=" . $ldap['user'] . ")";

Depending on your AD setup, you'll probably want to use something like $filter = "(sAMAccountName=user123)";