PHP :: BaseDN LDAP Search

PHP And LDAP
I can currently connect, bind and authenticate a user against
ActiveDirectory using OpenLdap and apache. I have apache compiled with
SSL as well. I force PHP to use https:// and i get the browser ask if i
want to accept the certificate etc. I'm also connecting to Ldap on port
686.

Now it all works fine apart, although then i started up ethereal to
check on the packets and it appears the username and password are being
sent in plain text. I cant work out why.

Heres the code.
==========================================
var $_domain_controllers = array ("hole.chase.local, 686");

//other variables
var $_user_dn;
var $_user_pass;
var $_conn;
var $_bind;

// default constructor
function adLDAP(){
//connect to the LDAP server as the username/password
$this->_conn = ldap_connect($this->random_controller());
ldap_set_option($this->_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($this->_conn, LDAP_OPT_REFERRALS, 0); //disable plain
text passwords
return true;.....

LDAP
I'm having trouble with LDAP for php (I guess with LDAP in general). I can get connected and bound to a given LDAP server and display records, but can't add. My code used to add is as follows: Code:

Ldap+php
I am new to LDAP. Could anyone tell me some good sites for LDAP tutorials with examples for ldif files.

LDAP
Does anyone know if there is a way to manually configure PHP to enable
the LDAP functions, without having to recompile PHP?

I am using Sokkit in a production environment and don't want to risk
messing things up.

Ldap
Any idea why Im i getting this error

Warning: ldap_get_values_len(): Cannot get the value(s) of attribute
Decoding error in ...

Im trying to read logonhours attribute of a user in Active Directory
(AD) using ldap.

I Need To Now About LDAP
I need to know what LDAP is in what way it is related to php or linux.

LDAP Attributes
I've got a problem with Sun's iPlanet Directory Server 5.1. I'm writing applications in PHP, and so far it's all going well. However, there appear to be some attributes that I can't fetch - one of these is passwordexpirationtime. I can get the usual stuff like uid, cn etc. but this (and some other attributes) cannot be fetched.

I've tried binding anonymously, and as the directory administrator - but I still get the same result. It appears that I am limited to the following :-

uid
givenname
objectclass
sn
cn
userpassword
creatorsname
modifiersname
createtimestamp
modifytimestamp
mail
telephonenumber
employeetype
dn

Is there anything that anyone could suggest ? Any help would be much appreciated - I need to provide a facility to let my users know when their password is about to expire.

LDAP And MYSQL
can any one put some light on why to choose LDAP against a database. what could be the advantages in comparison to a mysql db? Pls share with me as this cud be a critical technology in the near future.

PHP And LDAP On Windows
Anyone have recommendations as to the easiest LDAP libraries to install
on Windows for PHP? Building them from source on Windows is not an
option and we can't locate anything pre-built from UMich or OpenLDAP -
someone suggested the Novell and Mozilla SDKs but I have no idea where
to put the DLLs ..

PHP 5.0.4 under Windows XP

Ldap Support
I would like to install ldap support on php!

Steps :

1. php.ini : extension_dir = "c:php"
2. copy file c:phpextensionphp_ldap.dll to c:php
2. delete ; before extension=php_ldap.dll

And the message returned when i'm restarting Apache Web server is :

"Unable to find module c:phpphp_ldap.dll"

Using Domino LDAP ?
I'm working on a new system that my superiors have determined should use
LDAP for it's authentication and user management. Not real bad, but it's
proving to be a bit of a hassel.

I'm using a Lotus Domino server for the LDAP part. If, in the
ldap_search(...) function I pass it "o=myCompany" for the dn parameter (the
second parameter), I only get back the list of users, not the groups. I
only want back the groups in this instance.

The problem stems from the way Domino is returning the group information...
they don't belong to an "o" or anything like that. The only way to set
them apart from a person is through the objectclass, which can't be used in
the dn parameter.

Here's what Domino gives back for a group:

CN=cfUnixAdmin
cn=cfUnixAdmin
objectclass=top
objectclass=groupOfNames
objectclass=dominoGroup
member=CN=Bob Jones,O=myCompany
member=CN=John Doe,O=myCompany
member=CN=Bubba Smith,O=myCompany

So, the question is, how do you form an ldap search to get back the groups?

Connecting To LDAP
I am having some issues connecting to LDAP through PHP.

I am using the function provided here:
http://www.php.net/manual/en/function.ldap-bind.php (By 'edi01 at gmx
dot at'). I don't get any errors till it tries to do the search. I get
the following error:
ldap_search(): Search: Operations error
verification on 'ldap://newkenny': ldap_error(Resource id #2)
failure: search in LDAP-tree failed
ACCESS DENIED

I'm trying to connect to a Win2003 AD server. I have set the
"LDAP_OPT_REFERRALS" to 0 as someone else stated.

When I do: ldapsearch -H ldap://myserver -b "cn=users,dc=base,dc=com"
-x -W -Dmyaccount -LLL "(SAMACCOUNTNAME=myaccount)"
from the command line it works fine.

-> LDAP In SSL Problem <-
it seems to me that I have a problem using an LDAPS connection
to our server for identification purposes (using OpenLDAP and
OpenSSL).

Using PHP 4.4.4 I have the following code which correctly
binds in SSL but any "search" for attributes and their values
seems to return only the attributes for an anonymous connection.
Thus, this is restricted to a few ones instead of having them all
(especially the groupMembership I'm looking for).

$ldapconn = ldap_connect("ldaps://ldapserver", 636 )
or die( "Connection problem.<BR>" ) ;

if (ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3)) {
echo "Using LDAPv3<BR>
";
} else {
echo "Failed to set protocol version to 3";
}

// Verify whether the provided name exists
$ldapresult = @ldap_search( $ldapconn, "o=mydomain", "cn=".$name ) ;
if( $ldapresult ) {
// User exists, now retrieve his DN and bind in SSL
$entries = @ldap_get_entries( $ldapconn, $ldapresult ) ;
if( $entries["count"] ) {
$ldapbind = ldap_bind( $ldapconn, $entries[0]['dn'], $pwd ) ;
if( $ldapbind ) {
echo "Succesfully bound<BR>" ;
// do some new ldap_search here
...
}
else {
echo "Bound failed<br>" ;
}
}
}

This prints "Succesfully bound" with the correct credentials.

That's where I have a doubt. How does the ldap function then work
knowing it has correct credentials?

After the succesful bind, if I do another search, I still get the
basic attributes (about 6 of them), not all of them.
For example:
$result = @ldap_search( $ldapconn, "o=mydomain", "cn=".$name ) ;

Does ldap_bind change the content of $ldapconn in order to know
that we're now securely authotified???

I really miss something there. Does the ldap_bind call change anything
to the ldap function behaviors after being succesful?
How does the application know we're correctly identified?

The server has a valid certificate (the bind() wouldn't work anyway if
that were not the case).

LDAP Exop How?
I'm trying to write a script to change LDAP passwords using exop
transactions but I can't see any reference to it in the PHP library. Can
anyone please help me out? How do I change LDAP passwords using exop? Do
I have to write my own module? If so, how do we do that?

Problem With LDAP-add
I am using php5 and trying to add users to the AD with the following
php-script, but it doesnt work. Login,... works fine but I get an
error:
"ldap_add() [function.ldap-add]: Add: Referral in
C:wampwwwvalidAdminPage.php on line 51"(line 51 is the line which
does the add). an the output "There was a problem" which is the output
if the add goes wrong.

The script:

$ldaprdn = "admin@ville.dom";
$ldappass ="<password>";
$ds = ཆ.121.2.202'
$dn = "CN=jmiller,CN=Users;dc=ville,dc=dom";
$ldapport = 389;
$ldapconn = ldap_connect($ds, $ldapport)
or die("Could not connect to LDAP server.");
if ($ldapconn)
{
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION,3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS,0);
$ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
if ($ldapbind){
$adduserAD["cn"][0] = "jmiller";
$adduserAD["samaccountname"][0] = "jmiller";
$adduserAD["objectclass"][0] = "top";
$adduserAD["objectclass"][1] = "person";
$adduserAD["objectclass"][2] = "organizationalPerson";
$adduserAD["objectclass"][3] = "user";
$adduserAD["displayname"][0] = "jemp miller";
$adduserAD["name"][0] = "jemp";
$adduserAD["givenname"][0] = "miller";
$adduserAD["sn"][0] = "Bisdorff";
$adduserAD["company"][0] ="vdl";
$adduserAD["description"][0] = "my description";
$adduserAD["mail"][0] = "jmiller@ville.dom";
$adduserAD["samaccountname"][0] = "jbisdorff";
$adduserAD["userprincipalname"][0] ="jmiller@ville.dom";
// add data to directory
$result=ldap_add($ldapconn, $dn, $adduserAD);
if ($result)
echo "User added!";
else
echo "There was a problem!";

ldap_unbind($ldapconn);

LDAP Authentication
My applications authenticate to the users table of my db. Now I am required to authenticate the users to directory with LDAP. I have searched and found several very complicated tutorials that do much more than a simple authentication. All I want to do is authenticate the users.....if they have an account, let them in....or else send them away. Simple to do with PHP & Mysql, but I need to know how to go about this with PHP & LDAP and I can't seem to find a simple explanation of how to go about this, from the standpoint of complete novice to LDAP.

LDAP / AD Auth
Does anyone have a front end form for the LDAP class that they wouldn't mind posting. Just trying to enable site access based on Active Directory

PHP, LDAP, List OUs And Sub-OUs
I have managed to connect to Microsoft Active Directory, using PHP and LDAP. Also managed to performe a search in AD for UserAccount information.

What I need help with, is to search in AD within an OU (Organizational Unit) and list the reslut into an own array. i.e.

In AD the structure looks like this:

+Sales
-USA
-Sweden
-Belgium
+Finance
-Usa
-Sweden
-Belgium

I would like to have them in an array in the format:

Sales/USA
Sales/Sweden
Sales/Belgium
Finance/Usa
Finance/Sweden
Finance/Belgium

Ldap Module
I'm having trouble using the ldap module with php which runs on a linux server. I've run php on a windows server and I know that pretty much all you do is copy your .dll to the right folder, restart apache, and you're done. I uncommented out the "extension=php_ldap.so" in my php.ini file, but the module isn't even in the extension directory folder (/usr/lib/php5/20060613).

Errors On PHP Build With LDAP
I am working on an OS X 10.1.2 box.

I have complied OpenLDAP and it is working fine. I can compile PHP (tried 4.0.6 and 4.1.1) with LDAP using:

LDAP, KADM5 And Phpinfo()
I read the instructions on how to install the LDAP module on a windows
machine in the php manual at
http:://phpbuilder.com/manual/en/ref.ldap.php

All it said was to put the libeay32.dll and ssleay32.dll files in the windows SYSTEMS folder. Either C:WINDOWSSYSTEM or C:WINNTSYSTEM32. The manual did not say anything about installing K5ADM. The rest of the detailed information
on that page was for a linux platform. I also took out the ; in the
extension=php_ldap.dll line in php.ini.

When I did that I then restarted my web browser and ran a page that
only had PHPINFO() in the html. I did not see anywhere on the output
page where LDAP or K5ADM shown. Are these modules supposed to show up
in a phpinfo page? And if not how do I know they are running?

UserPassword Field In Ldap
I have a problem with the use of ldap with php.

I have an interface which is used to create users in a ldap directory.
Adding users work fine, but I can't set correctly the userpassword field.
I tried different methods of crypting the password (md5, sshsa}, tried to
put {MD5} or {SSHSA} before the password, but it does not work. The field
is correctly added to the directory, but the user can not log in.

I also tried to use:
$pass = exec(/usr/bin/slappasswd motdepasse);
but it returns an error code 1, although it works perfectly fine in
console.

Of course, adding a user using a ldif file and ldapadd works fine.

I am running ldap server openldap version 2.1.22 and php4.

LDAP/Exchange Authentication
Anyone know how to authenticate via LDAP onto an Exchange Server and retrieve an email address for the user logged in? I can connect, bind but my ldap_search() fails miserably and I can't find much help on the Net anywhere.

LDAP, Proxy Certificate
Can I and how use temporary certificate
as proxy to establish connection with
LDAP server? Instead of using

ldap_bind()

to authentication I want to use
alternative function to eliminate
passing 'username' and 'password'.

LDAP And TelephoneNumber Attribute
Anyone have a problem with PHP returning the telephoneNumber attribute empty while all the other attributes return just fine. Someone had the same exact problem on phpbuilder but it was never solved. Apparently it holds true for facsimileTelephoneNumber also. Any ideas?

Ldap Authentication Error
I'm trying to make a ldap query but I am getting a strange error.

Warning: ldap_bind() expects parameter 1 to be resource, null given in
home/user1/cgibin/test.php on line 10

Does anyone knows what this means.

This is the code :

$bind = ldap_bind($ds ,"cn=user,o=company","password");

I have ldap support in php.

[PHP Modules]
ldap
openssl
overload
pcre
posix
session
standard
tokenizer
xml

LDAP Configuration On Win32
I have php 4 installed on a win 2k prof machine. I can't seem to get LDAP configured correctly. In the php.ini file I included the 'c:phpextensions' for the extension_dire. Then I uncommented the extension=php_ldap.dll line and copied the phpldap.dll to the 'c:phpextensions' location. I restarted IIS but had no luck loading the ldap.dll. The web site couldn't it seemed to be trying the load the ldap.dll but just timed out.

LDAP For Windows Server?
I'm wondering if anyone has any clue where to get an ldap server for
windows? I'm trying to avoid installing the resource hog Active Directory on
my server with limited resources(diskspace/memory).

Perhaps that anyone ever compiled sucessfully the OpenLDAP, an opensource
distribution.

Protecting Against Ldap Injection?
Say I have the following in a PHP script of mine:

$sr=ldap_search($ds, "", "(& (sn=$_GET[lastname]) (givenName=
$_GET[firstname]*))");

If $_GET[lastname] contains a ), an attacker could escape out of the
first part of the LDAP query and perform ldap injection, as it were
(not sure what can be done with ldap injection, though).

My question is... how do I prevent this? Would I escape ) with )?
Would there be other characters I'd need to escape, as well?

LDAP Authentication Problem
I'm developping a module in PHP to get the users of a LDAP server and
add them in a Postgre database, where normal users are too.

I've managed to do this "easily" but now a new problem shows up.
When a user tries to logon onto the platform, I have to verify whether
he is a normal user or not. If he is a normal user, I check the login
and password basically, with just a select into the database.

But when the user comes from a LDAP server, in order to check if he is
still present on the LDAP server, I have to make a connection on the
LDAP server and bind with his "login" (DN) and password.

The problem is that PHP keeps sending me a ldap_bind error (not enough
credential, error 50).
With the manager account, I can bind easily on to the server but not
with a normal user account.

I guess that the problem comes from the Access List in the slapd.conf
(I'm using OpenLDAP), but I can't find a good access list.
I've first thought about logging in with the manager account and then
check if the user was still on the server but the password encryption
can change, and OpenLDAP isn't the only server that might be used with
the platform.

Problem LDAP And Win2003 AD
I'm trying simple scripts to browse an Active Directory via LDAP
functions ... My domain is: schoollm.lan

The script I'm trying:

----------
$root_dn = "administrator@mascheroni.lan";
$root_pw = "secret";
$conn = ldap_connect("192.168.10.1") or die("Could not connect to server");
ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
$r = ldap_bind($conn, $root_dn, $root_pw) or die("Could not bind to server");
$result = ldap_search($conn,"dc=schoollm, dc=lan","(cn=*)") or die ("Error in search query");
$info = ldap_get_entries($conn, $result);
for ($i=0; $i<$info["count"]; $i++)
{
echo "dn is: ". $info[$i]["dn"] ."<br>";
echo "first cn is: ". $info[$i]["cn"][0] ."<br>";
echo "first email address is: ". $info[$i]["mail"][0] ."<p>"; }
echo "Number of entries found: " . ldap_count_entries($conn, $result)
ldap_close($conn);
----------

I always get this error:

Secure LDAP Problem
I managed to get LDAP working on my server, I realized that in order to change a user's password on Active Directory, I need to make a secure connection to LDAP (This is where the problem comes in).

Here is what I have done so far:

1.) Enabled "php_ldap.dll" in php.ini
2.) Copied required dll's into the system path
3.) Created an SSL certificate using SelfSSL
4.) Exported the certificate using Certificate Authority
5.) Converted the certificate from .cer to .pem using OpenSSL
6.) Created "C:OpenLDAPsysconf" directory
7.) Created "ldap.conf" in the above mentioned directory
8.) Entered the following lines in ldap.conf:
TLS_REQCERT never
TLS_CACERT C:OpenLDAPsysconfcertscertificate.pem
TLS_CACERTDIR C:OpenLDAPsysconfcerts
9.) Restarted the server

The environment I am running on:

Windows Server 2003 R2 Standard Edition /w SP2
IIS 6.0
PHP 5.2.3

Actual Problem:
I can neither bind using the "ldaps://" protocol nor can I establish ldap_start_tls($conn). Binding with "ldap://" works fine, but will not let me change password in a non-secure mode.

Active Directory And LDAP
I have a php Intranet, and what I would like to do is hit the Active Directory and bring back the Username, FirstName and Lastname from Active Directory and set them to variables, so I can either display them or insert them into a database.

A few things to consider, php is installed on the server, but I don't have access to the server to change any settings. This is just a side project and we are blowing up the existing intranet and going with a Content Management System, so the easier the better.

Ldap And OpenLdap System Implementation
Did any one in here knows how to setup ldap server, I need to setup that kind
of system in our network the idea is to collect all microsoft outlook address
book and send to the ldap server. Also is there other alternative way to
implement such system i have search some alternative to this and i search
OpenLdap but it confuse me how can i send address book data directly and
sycronized in OpenLdap system.

Unable To Start TLS In Ldap Queries
When I try to use the ldap_search() function on an LDAP server and I've
connected to, I get the following error message:

Warning: ldap_search(): Search: Confidentiality required in
C:path oscript.php on line xxx

So I try to use ldap_start_tls() and get this error:

Wwarning: ldap_start_tls(): Unable to start TLS: Connect error in
C:path oscript.php on line xxx

I try to set LDAP_OPT_PROTOCOL_VERSION to 3, with ldap_set_option,
before doing ldap_start_tls, and get the same error.

Anyway, I'm not really sure what the problem is. Any ideas?

PHP, MySQL User Rights With LDAP?
I´ve got several MySQL Databases running on a Linux 8.1 Server. User
rights and access to those databases are made by MySQL Database
rights. On the other side I´ve got some applications that are running
with permissions over a LDAP server.

Now - is it possible, to organize my MySQL Database User-, table-, and
access rights over that LDAP Server at once?

If its possible - has anybody found a documentation for sth like that
- or example configs?

Ldap-start-tls To Connect To AD Server
I try to use ldap-star-tls to connect to a win2003 domain controller and
browse AD.

$ds = ldap_connect("ldap://$ad_server/") ,"389"); // Connect to an LDAP
server
echo $debug?"<BR>LDAP Connection handler:$ds<BR>":"";
if ($ds == 0) {
echo "<H1>Cannot connect to LDAP server to authenticate</H1>";
echo "<H3>Use the browser back button to continue</H3>";
exit;
}
else {
if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
die ("Failed to set LDAP Protocol version to 3, TLS not
supported.");
}
if (!ldap_start_tls($ds)) {
die ("Ldap_start_tls failed");
}
if (ldap_bind ($ds, $serv_user, $serv_pass)) { # Bind Ok

The result is:
LDAP Connection handler:Resource id #2

Warning: ldap_start_tls() [function.ldap-start-tls]: Unable to start TLS:
Connect error in C:WEBROOTad.php on line 30
Ldap_start_tls failed

Secure LDAP Binding Issues
I'm attempting to use LDAP on a web site to authenticate users to an existing directory. Here's a layout of my situation.

Web server running latest vers of apache/php/mysql on a Novell Netware 6 server. I don't expect many of you to be familiar with Netware, but the gist is there is an LDAP server running that allows LDAP access to the Novell NDS (eDirectory 8.5 in my case)

I wish to use PHP to create a secure connection to the ldap server, attempt to bind to the server with a given username and pass, then search the directory if needed.

if I enable 'clear text passwords' on the ldap server, i'm able to connect just fine. however, when I connect to the LDAP server securely, I can get it to 'connect' without an error, but then when i attempt to bind, i get an error message saying that the ldap server cannot be contacted (or something to that effect)

my assumption is that something isn't right with the SSL key the ldap server is providing. Does anyone know of a way to get at this data to get a better idea of what's going on?

Ldap And Php4 With W2k Active Directory
I am trying to get ldap info from a W2K active directory. I have the authentication down, but I want to search on the aa0000000 to get the name associated with the login. Basically I am making a request form that will be used once a year, but need to be sure of the people signing up, use resources already setup, and have one login/pass. Code:

Sorting LDAP Ouput With PHP3
I am wanting to create a telephone list of all users on a LDAP database. I have managed to extract the data, but cannot get the code to sort the results in alphabetic order , based on surname. My code:

LDAP Works In Java Client
I'm attempting to authenticate against an Active Directory server with PHP. I've confirmed that my basic connection settings are correct by using a Java based LDAP client (LDAP Browser and JXplorer both allow connections).

I'm using PHP 5.1.6 and LDAP Support is enabled (OpenLDAP). Apache version is 2.2.3. The connection is over plain TCP, so there is no SSL layer to worry with right now. My connection settings are: PHP Code:

Installation Php For Ldap And Apache Under Linux
i'm trying to compile for apache the php with a link for functions ldap In a static way with apache , i have to launch a configure for apache first , then i go to php and i launch a configure --with-apache= directory apache --with-ldap = directory ldap and i finish with make and make install for php:

this is functionning The last thing to do is to activate module php for apache with the following command for apache :

./configure --activate-module=/src/modules/php3/libphp3.a

and after make and make install but when i launch the make the functions ldap aren't not found I use apache 1.3.12 , php 3.0.17 and openldap 1.2.11 and a linux mandrake 7.0.

LDAP For Current Logged In User
We are trying to setup LDAP for users to utilize our Intranet and
perform some CMS stuff.. (we are using Active Directory). We are able
to bind and query, no problem.. We are using PHP on IIS and MySQL as
the DB

However I am wondering if there is a way to find out who is currently
logged in and even what their LDAP distinguishedName is.. For example
in VBScript I call objUser = GetObject("LDAP://" & strUserDN)....

If nothing is built in, is there a way to combine the vbscript and php
together and get it back?

LDAP Function - Unable To Bind To Server:
Please any body help me to use the LDAP function in PHP.

i got an error while use the ldap function

Warning: ldap_bind() [function.ldap-bind]: Unable to bind to server: Can't
contact LDAP server in F:User HomeRajeshMy Documentsldap est.php on line 14 LDAP bind failed...

Ldap Server Can Not Replace The Order Of Login, Why?
<?php
$ldapServer="ldap://192.168.1.211";
$ldapPort="389";
$ldapconn=ldap_connect($ldapServer,$ldapPort);
$ldaprdn="uid=root, ou=People, dc=aitc, dc=com, dc=tw";
$ldappass="abcd";

if($ldapconn){
echo "connect to ".$ldapServer." successfully
<br>";
}else{
echo "can't connect to LDAP server!
<br>";
}
if ($ldapconn) {
// binding to ldap server to give update access
$ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
// verify binding
if ($ldapbind) {
echo "LDAP binding successful...
";
} else {
echo "LDAP binding failed...
";
}
}
//data preparation
//I am not very sure what attribute should be filled
$data["uid"]="tester";
$data["cn"]="Tester 1";
$data["objectclass"][0]="account";
$data["objectclass"][1]="posixAccount";
$data["objectclass"][2]="top";
$data["userpassword"]="tester";
$data["loginshell"]="/usr/local/bin/bash";
$data["uidnumber"]=3100;
$data["gidnumber"]=3100;
$data["homedirectory"]="/home/tester";
$data["gecos"]="Tester 1";

// Before ldap_add(), should check the user already exists or not
if(!ldap_add($ldapconn,"uid=tester, ou=People, dc=aitc, dc=com,
dc=tw", $data)){
echo "There is a problem to create the account
";
echo "Please contact your administrator!
";
exit;
}else{
echo "account creation successfully";
}
ldap_close($ldapconn);
?>

I used ldapbrowser to connect LDAP server(openldap), and I can see all
the userCbut I can not Add EntryCbut I can Delete Entry
Then I wrote the php code above to add a new user testerithe
$data fields are all the fields of LDAP, but some fields were filled
by me randomlyClike uidnumber˜agidnumberj, but if
I do not fill those fields, it will occurs the following warning
message

Warning: ldap_add(): Add: Object class violation in
d:AppServwwwLDAP_test1.ph
p on line 74
There is a problem to create the account
Please contact your administrator!

But I found the biggest problem is : my ldap server can not replace
the login order, i.e, I want to build accounts/passwords in openldap
server, then users can use the account/password in ldap server and
login freebsd server. But when I use the above php code to create a
tester account, the user "tester" still can not use tester/tester to
login freebsd host, why?

BaseDN LDAP Search

I'm having a problem with an LDAP search from PHP against a Win2K3 Active Directory. My script will happily search an OU such as "OU=Techs,DC=Domain,DC=Local", but if I search the root of the AD using just "DC=Domain,DC=Local" then I get an Operations Error returned.

I'm having a problem with an LDAP search from PHP against a Win2K3 Active Directory.

My script will happily search an OU such as "OU=Techs,DC=Domain,DC=Local", but if I search the root of the AD using just "DC=Domain,DC=Local" then I get an Operations Error returned.