PHP LDAP Search Root of Active Directory

Using PHP to query Active Directory resulted in a few problems, e.g.:

Warning: ldap_search() [function.ldap-search]: Search: Can’t contact LDAP server in …

ldap_search(): Search: Operations error

Warning: ldap_search() [function.ldap-search]: Search: Partial results and referral received

The errors only appeared when searching from the AD root; they disappeared when the search was carried out on an OU.

To solve these problems, the following 2 lines are needed between the connection and the bind. The location is important!

// Do not follow referrals returned by Active Directory
ldap_set_option($ldap_connection, LDAP_OPT_REFERRALS, 0);
// Use LDAP protocol version 3
ldap_set_option($ldap_connection, LDAP_OPT_PROTOCOL_VERSION, 3);
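
The full connect, set-option, bind and root-search sequence, as an added example that is not code from the original post. The function name ad_find_user, the URI, bind account, base DN and the LDAP_BIND_PW environment variable are constructed placeholders; the example also escapes the search value and rejects an empty bind password.

```php
<?php
// Added example; all host, DN and account values are constructed placeholders.
function ad_find_user(string $uri, string $bindDn, string $password,
                      string $baseDn, string $account): array
{
    // A simple bind with an empty password is an "unauthenticated bind" and
    // can succeed, so refuse it before talking to the server.
    if ($bindDn === '' || $password === '') {
        throw new InvalidArgumentException('Bind DN and password must be non-empty');
    }
    // 1. Connect. This only validates the URI; nothing is sent yet.
    $conn = ldap_connect($uri);
    if ($conn === false) {
        throw new RuntimeException("Invalid LDAP URI: $uri");
    }
    // 2. Options go here: after the connection, before the bind.
    if (!ldap_set_option($conn, LDAP_OPT_REFERRALS, 0) ||
        !ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3)) {
        throw new RuntimeException('Could not set LDAP options');
    }
    // 3. Bind with real credentials and check the result.
    if (!@ldap_bind($conn, $bindDn, $password)) {
        $err = ldap_error($conn);
        ldap_unbind($conn);
        throw new RuntimeException("Bind failed: $err");
    }
    // 4. Search from the directory root. Escape the user-supplied value so it
    //    cannot change the structure of the filter.
    $filter = '(&(objectClass=user)(sAMAccountName='
            . ldap_escape($account, '', LDAP_ESCAPE_FILTER) . '))';
    $result = @ldap_search($conn, $baseDn, $filter, ['cn', 'mail']);
    if ($result === false) {
        $err = ldap_error($conn);
        ldap_unbind($conn);
        throw new RuntimeException("Search failed: $err");
    }
    $entries = ldap_get_entries($conn, $result);
    ldap_unbind($conn);
    return $entries;
}

try {
    $found = ad_find_user('ldaps://dc.example.com', 'svc-reader@example.com',
                          getenv('LDAP_BIND_PW') ?: '', 'DC=example,DC=com', 'jdoe');
    printf("%d matching entries\n", $found['count']);
} catch (Exception $e) {
    fwrite(STDERR, $e->getMessage() . "\n");
}
```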

13 Responses to “PHP LDAP Search Root of Active Directory”

  1. Developer

    Thank you man, you saved me a day of reading ldap documentation, I think!

  2. Lance

    Thank you. I had found and tried the first line, but it was the second line I needed to set me free.

  3. Paul

    Thanks for this – well spotted! I read elsewhere that the first line tells the LDAP client library not to follow referrals.

    I think the same issue arises when protecting directories using Apache’s mod_authnz_ldap module to authenticate users against AD. In that case, a solution is to edit the ldap config file (e.g. in /etc/ldap/ldap.conf for Debian) by adding the line:
    referrals off

  4. Thushara

    Thank you very much for the expert direction.
    I sorted out my issue with your comment => “following 2 lines are needed between the connection and the bind”

  5. Duban

    Thanks a lot. I am from the future, this was really helpful… placed those 2 lines between connection and bind and worked perfectly!

