sonny

Reputation: 191

PHP ldap_get_entries() returns count=zero

I am trying to authenticate users' login against LDAP (the server is a Mac running El Capitan).
I can successfully connect and bind to the LDAP server.
I can search and sort the result.
But when I perform "ldap_get_entries", I receive "zero" entries.
I've tried everything from Stack Overflow to Google's second page.
Any suggestions or ideas why this might be happening?


MY CODE -

    <?php
    session_start(); // Starting Session
    $error = ''; // Variable To Store Error Message
    if (isset($_POST['submit'])) {
        if (empty($_POST['email']) || empty($_POST['password'])) {
            $error = "Username or Password is invalid";
        } else {
            $usernameLogin = $_POST['email'];
            $passwordLogin = $_POST['password'];
            $username = stripslashes($usernameLogin);
            $password = stripslashes($passwordLogin);
            echo "User name is " . $username;
            echo "<br>";
            $ldapUser = "uid=xxxxxx,cn=users,dc=dns1,dc=xxxxxxxx,dc=com";
            $ldapPass = "xxxxxxxxxxx";
            $url      = "ldap://dns1.xxxxxxx.com:389";
            $ldap     = ldap_connect($url) or die("Could not connect to LDAP server.");
            $baseDN   = "cn=users,dc=dns1,dc=xxxxxxxxx,dc=com";
            ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
            ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
            $bind = ldap_bind($ldap, $ldapUser, $ldapPass);

            if ($bind) {
                echo "Connected To LDAP";
                echo "<br>";
                // Escape the user-supplied value so filter metacharacters (*, (, ), \) stay literal
                $filter = "(sAMAccountName=" . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ")";
                echo "Filter = " . $filter;
                echo "<br>";
                $result = ldap_search($ldap, $baseDN, $filter) or die("Could not search.");
                echo "Result = " . $result;
                echo "<br>";
                $sort = ldap_sort($ldap, $result, "uid");
                echo "Sort = " . $sort;
                echo "<br>";
                $number = ldap_count_entries($ldap, $result);
                echo "Count Entries = " . $number;
                echo "<br>";
                $info = ldap_get_entries($ldap, $result);
                echo "Data for " . $info["count"] . " items returned:<p>";
                echo '<pre>'; print_r($info); echo '</pre>';
                echo "<br>";
                $fentry = ldap_first_entry($ldap, $result);
                echo "First Entry = " . $fentry;

                for ($i = 0; $i < $info["count"]; $i++) {
                    if ($info['count'] > 1) {
                        break;
                    }
                    echo "<p>You are accessing <strong> " . $info[$i]["sn"][0] . ", " . $info[$i]["givenname"][0] . "</strong><br /> (" . $info[$i]["samaccountname"][0] . ")</p>\n";
                    echo '<pre>';
                    var_dump($info);
                    echo '</pre>';
                    $userDn = $info[$i]["distinguishedname"][0];
                }

                ldap_close($ldap);
            } else {
                echo "Cannot Connect To LDAP.";
            }
        }
    }
    ?>

Echo Results On Browser.
I can connect, bind and search, but "ldap_get_entries()" returns zero.

Upvotes: 3

Views: 4177

Answers (2)

sonny

Reputation: 191

Solved it. I used "mail" instead of "sAMAccountName".
Here's the details -

1) From

    $filter="(sAMAccountName=$username)";

to

    $filter="(mail=$username)";

2) From

    $sort = ldap_sort($ldap,$result,"uid");

to

    $sort = ldap_sort($ldap,$result,"mail");

That's it.

Lessons learned from here -


Use "LDAP Admin Tool" or some sort of LDAP Tool to understand the structure of your LDAP environment before jumping into coding. Big lesson learnt.

Upvotes: 0
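An added example, not code from the question or either answer, of how to take that lesson without a GUI tool: the script asks the directory, under a base DN, which attributes its user entries actually carry, so a filter on an attribute the server never populates (sAMAccountName on an OpenDirectory server) is caught before the zero-count surprise. The URL, bind DN and base DN are constructed placeholders; the bind password is read from the environment.

```php
<?php
// Added example, not code from the question or the answers.
// Connection details are constructed placeholders; adapt to your directory.
$url      = 'ldap://ldap.example.invalid:389';             // placeholder
$bindDn   = 'uid=service,cn=users,dc=example,dc=invalid';  // placeholder read-only account
$bindPass = getenv('LDAP_BIND_PASSWORD') ?: '';            // keep secrets out of source
$baseDn   = 'cn=users,dc=example,dc=invalid';              // placeholder

/**
 * Count how many sampled entries under $baseDn carry each attribute.
 * Uses a filter every entry matches, so an empty result here points at
 * the base DN or the bind, not at the filter.
 */
function attributeInventory($ldap, string $baseDn, int $sampleSize = 50): array
{
    // attrsonly=1: attribute names only, no values cross the wire.
    // Exceeding $sampleSize raises a PHP warning but still returns the partial result.
    $result = @ldap_search($ldap, $baseDn, '(objectClass=*)', ['*'], 1, $sampleSize);
    if ($result === false) {
        throw new RuntimeException('search failed: ' . ldap_error($ldap));
    }
    $seen  = [];
    $entry = ldap_first_entry($ldap, $result);
    while ($entry !== false) {
        $attrs = ldap_get_attributes($ldap, $entry);
        for ($i = 0; $i < $attrs['count']; $i++) {
            $name        = strtolower($attrs[$i]);
            $seen[$name] = ($seen[$name] ?? 0) + 1;
        }
        $entry = ldap_next_entry($ldap, $entry);
    }
    arsort($seen);
    return $seen;
}

/** For each attribute a filter relies on, how many sampled entries have it (0 = absent). */
function checkFilterAttributes(array $inventory, array $wanted): array
{
    $report = [];
    foreach ($wanted as $attr) {
        $report[strtolower($attr)] = $inventory[strtolower($attr)] ?? 0;
    }
    return $report;
}

$ldap = ldap_connect($url);          // parses the URI only; no network traffic yet
if ($ldap === false) {
    exit("bad LDAP URI\n");
}
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
if (!@ldap_bind($ldap, $bindDn, $bindPass)) {
    exit('bind failed: ' . ldap_error($ldap) . "\n");   // first real round-trip to the server
}

$inventory = attributeInventory($ldap, $baseDn);
printf("%-30s %6s\n", 'attribute', 'entries');
foreach ($inventory as $name => $count) {
    printf("%-30s %6d\n", $name, $count);
}

// The attributes the question's filter and sort relied on, plus the one the fix used.
echo "\nfilter attribute check:\n";
foreach (checkFilterAttributes($inventory, ['sAMAccountName', 'uid', 'mail']) as $attr => $count) {
    printf("%-20s %s\n", $attr, $count > 0 ? "present in $count entries" : 'absent: a filter on it returns zero');
}
ldap_unbind($ldap);
```

Run it once against a development replica before writing the login filter; an attribute with a zero in the second table is the answer to "why does ldap_get_entries() return count=0" without a single line of application code.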

heiglandreas

Reputation: 3861

First: You can skip the or die "Could not connect to LDAP Server" as that will almost never happen. ldap_connect only checks the parameter for syntactical correctness and does not actually connect to the server. The actual connection happens on the first call to the server which usually is ldap_bind. That's why connection issues often surface on ldap_bind and not on ldap_connect.

Second: Where did you get samAccountName from? That's a field that's usually used by ActiveDirectory. In Apple's OpenDirectory the user is usually identified by the uid-attribute. So your filter should be sprintf('uid=%s', $username).

Third: I doubt that only Users in the group "Open Directory Administrators" are allowed to bind against the LDAP. They for sure are the only ones allowed to edit the directory but every other user can bind as well.

Fourth: ldap_sort is deprecated by now. It's not sorting on the server side but on the client side. So only the returned results are sorted. When you have paged results that means that - even though you sorted the result - there still will be entries that would fit right in between your results. I'm currently working on a way to use server-side sorting but that relies on the feature to be available on the server. So you can use ldap_sort but you can also implement your own sorting on the result set.

So change the filter to uid=$username and you'll get the expected results. The mail attribute might also contain the full email-address and might therefore then fail! You can also adapt the filter to search more than one field. Have a look at this slide for short examples.

Upvotes: 1
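Pulling the four points together, here is an added PHP example (not code from the question or the answers) of the bind, search, rebind login flow the question is reaching for: the filter matches uid or mail through an escaped value, exactly one entry is required before the user's own credentials are tried, and the client-side sort that ldap_sort used to do is written out with usort. The server, service-account DN, base DN and the sample entry array are constructed placeholders; the STARTTLS step assumes the directory offers it on the plain ldap:// port.

```php
<?php
// Added example, not code from the question or the answers.
// All server names, DNs and the sample entry array are constructed placeholders.

/**
 * Authenticate $login/$password against the directory.
 * Returns the user's DN on success, null on any failure (log the reason, do not echo it).
 */
function ldapAuthenticate(string $url, string $serviceDn, string $servicePass,
                          string $baseDn, string $login, string $password): ?string
{
    // An empty password turns ldap_bind into an anonymous bind that "succeeds".
    if ($login === '' || $password === '') {
        return null;
    }
    // ldap_connect only validates the URI; the network is first touched by ldap_bind.
    $ldap = ldap_connect($url);
    if ($ldap === false) {
        return null;
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

    // Credentials are about to cross the wire: upgrade a plain ldap:// connection (assumes STARTTLS support).
    if (strpos($url, 'ldaps://') !== 0 && !@ldap_start_tls($ldap)) {
        return null;
    }
    // The service account does the lookup so the user's DN never has to be guessed.
    if (!@ldap_bind($ldap, $serviceDn, $servicePass)) {
        return null;
    }
    // Escape before interpolation: "*" or ")(uid=*" inside $login must stay literal.
    $safe   = ldap_escape($login, '', LDAP_ESCAPE_FILTER);
    $filter = sprintf('(|(uid=%s)(mail=%s))', $safe, $safe);

    // Request only what is needed; a size limit of 2 is enough to detect ambiguity.
    $result = @ldap_search($ldap, $baseDn, $filter, ['uid', 'mail', 'sn', 'givenName'], 0, 2);
    if ($result === false) {
        ldap_unbind($ldap);
        return null;
    }
    $entries = ldap_get_entries($ldap, $result);

    // Zero: no such user. Two or more: the login is not unique, refuse rather than pick one.
    if ($entries['count'] !== 1) {
        ldap_unbind($ldap);
        return null;
    }
    $userDn = $entries[0]['dn'];

    // The user's own bind is the actual credential check.
    $ok = @ldap_bind($ldap, $userDn, $password);
    ldap_unbind($ldap);
    return $ok ? $userDn : null;
}

/**
 * Client-side replacement for the deprecated ldap_sort(): order an
 * ldap_get_entries() array by one attribute. Like ldap_sort, it only orders
 * the entries already returned, so it does not help with paged results.
 */
function sortEntries(array $entries, string $attribute): array
{
    $attribute = strtolower($attribute);   // ldap_get_entries lowercases attribute names
    $rows = [];
    for ($i = 0; $i < $entries['count']; $i++) {
        $rows[] = $entries[$i];
    }
    usort($rows, function (array $a, array $b) use ($attribute): int {
        return strcasecmp($a[$attribute][0] ?? '', $b[$attribute][0] ?? '');
    });
    return $rows;
}

// Constructed sample in ldap_get_entries() shape, so the sort can be run without a server.
$sample = [
    'count' => 2,
    0 => ['dn' => 'uid=zoe,cn=users,dc=example,dc=invalid',  'uid' => ['count' => 1, 0 => 'zoe']],
    1 => ['dn' => 'uid=adam,cn=users,dc=example,dc=invalid', 'uid' => ['count' => 1, 0 => 'adam']],
];
foreach (sortEntries($sample, 'uid') as $row) {
    echo $row['uid'][0], "\n";   // uids in ascending order
}

// Real login attempt: placeholders must be replaced; the password comes from the request, not the source.
$dn = ldapAuthenticate(
    'ldap://ldap.example.invalid:389',
    'uid=service,cn=users,dc=example,dc=invalid',
    getenv('LDAP_BIND_PASSWORD') ?: '',
    'cn=users,dc=example,dc=invalid',
    $_POST['email'] ?? '',
    $_POST['password'] ?? ''
);
echo $dn === null ? "Login failed\n" : "Authenticated as $dn\n";
```

The failure paths all return the same null so that a caller cannot distinguish "no such user" from "wrong password" by response; the `@` on the bind and search calls keeps the "Invalid credentials" warnings out of the HTML the question's code was echoing.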
