Zachucks

Reputation: 158

PHP LDAP Search Fails Every Time

I have been attempting to do a simple LDAP search in order to get the full name (first and last) of a user based on their username.

I have the following code in a connections.php file that I include in my script to use as the LDAP connection:

$ldap = ldap_connect("ldap://10.0.69.172:389");

This works fine for my login script, which is successfully able to take binds and correctly authenticate for successful attempts and throw errors for unsuccessful attempts.

The issue is when I go to do a search of the LDAP directory, and I cannot figure out why. My test environment is just my Linux web server and my testing domain controller with some test user information.

My domain: aspintech.local
My domain controller IP address: 10.0.69.172

Before I put any code, I just want to say that as per suggestion from another post, I am using Softerra LDAP Browser. This is helping me to see the attributes I should be using in the filters, and it was unable to search the LDAP server by default without me entering admin creds. So I am unsure if that has anything to do with it.

The code:

include_once 'connections.php';   // provides $ldap from ldap_connect()
$filter = "(objectClass=*)";
// Search the whole domain from the root naming context.
$sr = ldap_search($ldap, "DC=aspintech,DC=local", $filter);
if ($sr === false) {
    // ldap_count_entries() must not be called with false; report the server's reason instead.
    echo "Search failed: " . ldap_error($ldap);
    exit;
}
$num = ldap_count_entries($ldap, $sr);
if ($num === false || $num === 0) {
    echo "Nope";
}
else {
    echo "It worked!";
}

The above code doesn't search with the username, for which I just replace the filter with the below:

$username = $_SESSION['username'];   // session_start() must already have been called
// Escape the value before interpolating it so it cannot change the filter's meaning (LDAP injection).
$safe = ldap_escape($username, '', LDAP_ESCAPE_FILTER);
$filter = "(sAMAccountName={$safe})";

$_SESSION['username'] gets set upon login. No search seems to work with any filter, which has been depleting the hair on my head for like 3 hrs now...

I have looked at the PHP documentation and all the posts I can find, and I am unable to figure out why I cannot search.

I just want to also say, that the ldap_connect argument that I pass in has also been changed to the name of the server to no avail. I played with that quite a bit as well. So it has nothing to do with it being the IP address, because that works fine for authentication in my login script.

Upvotes: 0

Views: 429

Answers (1)

Zachucks

Reputation: 158

So after taking a bit of a break on this, I figured out that searching/querying AD is not allowed for anonymous users by default.

You would have to bind to a user that has access to the domain before searching.

I followed this to enable anonymous ldap queries and this now works fine: https://www.oreilly.com/library/view/active-directory-cookbook/0596004648/ch14s04.html

If that doesn't help you because you're visual like me, this one is much easier to follow: https://activedirectoryfaq.com/2016/09/anonymous-access/

And even further to this, I had to bind to the administrative account before being able to search. The search would connect due to me allowing anon search connections above, but I had to bind to an admin to be able to actually get results.

Upvotes: 1
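The fix described in the answer (bind first, then search), written out as an added example that is not the poster's code. It uses the domain and controller address from the question; the service-account DN and password are placeholders, and the assumption is that any authenticated domain account can read these attributes, so a dedicated read-only account is used instead of a domain admin. It also sets LDAPv3, disables referral chasing (a common cause of empty results when searching an AD domain root), escapes the username, and requests only the attributes needed.

```php
<?php
// Added example, not the original poster's code.
// Looks up a user's full name in Active Directory after binding with a
// least-privilege read-only service account (DN and password are placeholders).

function ldapLookupFullName(string $username): ?string
{
    $ldap = ldap_connect("ldap://10.0.69.172:389");
    if ($ldap === false) {
        throw new RuntimeException("ldap_connect failed");
    }

    // AD requires LDAPv3; chasing referrals from the domain root often
    // yields no entries, so turn it off.
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

    // Placeholder service account (assumption): a read-only account is enough
    // for directory reads; do not bind as a domain admin from a web app.
    $bindDn   = 'CN=ldap-reader,OU=Service Accounts,DC=aspintech,DC=local'; // placeholder
    $bindPass = getenv('LDAP_READER_PASSWORD') ?: 'CHANGE-ME';               // placeholder

    if (!@ldap_bind($ldap, $bindDn, $bindPass)) {
        throw new RuntimeException("Bind failed: " . ldap_error($ldap));
    }

    // Escape the username so it cannot alter the filter (LDAP injection).
    $safe   = ldap_escape($username, '', LDAP_ESCAPE_FILTER);
    $filter = "(&(objectClass=user)(sAMAccountName={$safe}))";

    // Ask only for the attributes we need.
    $sr = ldap_search($ldap, "DC=aspintech,DC=local", $filter,
                      ['givenName', 'sn', 'displayName']);
    if ($sr === false) {
        throw new RuntimeException("Search failed: " . ldap_error($ldap));
    }

    $entries = ldap_get_entries($ldap, $sr);
    ldap_unbind($ldap);

    if ($entries['count'] === 0) {
        return null; // no such user
    }

    // ldap_get_entries() lowercases attribute names.
    $e = $entries[0];
    if (isset($e['displayname'][0])) {
        return $e['displayname'][0];
    }
    $first = $e['givenname'][0] ?? '';
    $last  = $e['sn'][0] ?? '';
    $full  = trim("$first $last");
    return $full !== '' ? $full : null;
}

// Usage (after session_start() and a successful login):
// $name = ldapLookupFullName($_SESSION['username']);
```

Keeping the bind credentials in the environment rather than in connections.php means a leaked source tree does not also leak a directory account, and binding with a read-only account rather than an administrator limits what a compromised web server can do with the directory.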
