ldap_get_entries returns array with element count=zero
In some situations ldap_get_entries returns array with element count=zero, so I have an array like array('count'=>0) without any further entries.
What are the conditions for this to happen?
PS:
- if the OU I am searching in is empty I am getting a different error (Invalid Base DN)
- if the user doesn't have permissions to an OU I am getting the same error as above
EDIT:
- the PHP code is irrelevant, since I can do all kind of searches with it and the above mentioned problem happens only in some strange Active Directory configurations
- if you still insists...
$entries = ldap_get_entries($this->ldap_connection, $search_result);
- ldap_get_entries returns in most of the cases what I expect it to return with proper errors
So, to restate my question, what are the conditions for ldap_get_entries to return an array with count=0, without any errors. By condition I mean:
- Active Directory rights and permissions
- user permissions
- OU permissions (aka Security tab)
- any PHP related information on when this can happen
Thanks
EDIT2 - as requested, here is the rest of the code:
public function connect() {
// connect to the server
$this->ldap_connection = ldap_connect($this->ldap_server);
if (!$this->ldap_connection){
$error_message= "LDAP-Connect-Error: " . ldap_error($this->ldap_connection) . ".";
throw new RuntimeErrorException($error_message);
}
// set protocol version
if (!ldap_set_option($this->ldap_connection, LDAP_OPT_PROTOCOL_VERSION, $this->ldap_protocol_version)){
$error_message= "LDAP-SetProtocolVersion-Error: " . ldap_error($this->ldap_connection) . ".";
throw new RuntimeErrorException($error_message);
}
// set with/without referrals (limit/do not limit search on current server)
if (!ldap_set_option($this->ldap_connection, LDAP_OPT_REFERRALS, $this->ldap_protocol_referrals)){
$error_message= "LDAP-SetReferrals-Error: " . ldap_error($this->ldap_开发者_如何学编程connection) . ".";
throw new RuntimeErrorException($error_message);
}
// binding to ldap server
if (!@ldap_bind($this->ldap_connection, $this->ldap_auth_rdn, $this->ldap_auth_pass)){
$error_message= "LDAP-Bind-Error: " . ldap_error($this->ldap_connection) . ".";
throw new RuntimeErrorException($error_message);
}
}
public function search($filter,$fields){
if (!$this->ldap_connection) {
$this->connect();
}
// search the ldap
$search_result = @ldap_search($this->ldap_connection, $this->ldap_base_distinguished_name, $filter,$fields);
if ($search_result===false){
$error_message= "LDAP-Error: " . ldap_error($this->ldap_connection) . ".";
throw new RuntimeErrorException($error_message);
}
//Create result set
$entries = ldap_get_entries($this->ldap_connection, $search_result);
if ($entries === false ){
$error_message= "LDAP-Error: " . ldap_error($this->ldap_connection) . ".";
throw new RuntimeErrorException($error_message);
}
return (is_null($entries) ? array() : $entries); // http://bugs.php.net/48469
}
It seems like ldap_connect
is successfully connecting to your server.
I think the problem is with the ldap_base_distinguished_name
param from ldap_search
, make sure that it's correct and you have that base distinguished name in you AD tree.
It means what you are searching for didn't return results either because it isn't there or you aren't searching correctly for it.
$ldap = new stdclass;
$ldap->host = 'YOUR_HOST';
$ldap->port = 'PORT';
$ldap->user = 'YOUR_USER';
$ldap->pass = 'YOUR_PASS';
$ldap->dn = "CN=Users,DC=DOMAIN,DC=COM,DC=br";
$ldap->filter = '(sAMAccountName=YOUR_USER_NAME)';
try {
$ldap->conn = ldap_connect($ldap->host,$ldap->port);
$ldap->bind = ldap_bind($ldap->conn, $ldap->user, $ldap->pass);
$ldap->option[] = ldap_set_option($ldap->conn, LDAP_OPT_PROTOCOL_VERSION,3);
$ldap->option[] = ldap_set_option($ldap->conn, LDAP_OPT_REFERRALS,0);
$ldap->seach=ldap_search($ldap->conn, $ldap->dn, $ldap->filter);
$ldap->info = ldap_get_entries($ldap->conn, $ldap->seach);
var_dump($ldap);
} catch (Exception $error_message) {
throw new RuntimeErrorException($error_message);
}
精彩评论