PHP Active Directory query
Posted: Mon Jun 01, 2009 8:22 pm
Hello, all.
I'm building a PHP application on top of IIS 6 using integrated authentication. It uses Active Directory as its role store by querying the group memberships of the current user.
The below search filter will work when you run it directly against Active Directory, however an error is thrown when trying to run it via PHP.
(member:1.2.840.113556.1.4.1941:=CN=Doe\, John,OU=Department,OU=All_Users,DC=internal,DC=domain,DC=com)
The exact error is PHP Warning: ldap_search() [function.ldap-search]: Search: Bad search filter
I've tried using a double backslash after the last name, as well as stripping out the slashes. Neither throws an error, but they only return an empty result set.
Another query that runs prior to this pulls out the user's attributes, so I know that the connection, bind, and search capabilities are functional.
Has anyone else tried this before and found a solution?
I'm building a PHP application on top of IIS 6 using integrated authentication. It uses Active Directory as its role store by querying the group memberships of the current user.
The below search filter will work when you run it directly against Active Directory, however an error is thrown when trying to run it via PHP.
(member:1.2.840.113556.1.4.1941:=CN=Doe\, John,OU=Department,OU=All_Users,DC=internal,DC=domain,DC=com)
The exact error is PHP Warning: ldap_search() [function.ldap-search]: Search: Bad search filter
Code: Select all
$groupresult = ldap_search($connect, $groupdn, '(member:1.2.840.113556.1.4.1941:=CN=Doe\, John,OU=Department,OU=All_Users,DC=internal,DC=domain,DC=com)', $groupattributes) or die ('Fatal error: There was an error during the LDAP query.');Another query that runs prior to this pulls out the user's attributes, so I know that the connection, bind, and search capabilities are functional.
Has anyone else tried this before and found a solution?