Php ldap search: no such object

I am new to LDAP, so I will try to explain correctly
I have a hostname of "energia.sise"

I need all users to be in energia.sise/nej/users

could you advise me how to do this?

In this code I tried to get my record based on my email, but there were errors:
Warning: ldap_search(): Search: No such object

    $base_dn = "OU=users, OU=nej, DC=energia, DC=sise";
    $ds = ldap_connect("energia.sise") or die("   $ldaphost");
    ldap_bind($ds, "login@energia", "password");
    $filter = '(&(objectClass=user)(CN=*)(mail=kosmos*))';
    $sr = ldap_search($ds, $base_dn, $filter);
    $info = ldap_get_entries($ds, $sr);
+8
3 answers

With the exception of the unnecessary CN=* filter component, as Terry Gardner has already noted, your filter seems to be the right one. Therefore, I suspect there are other possible problems with your code:

  • The username format you are using is incorrect. Try binding to login@energia.sise or ENERGIA\login.
  • The container "OU=users, OU=nej, DC=energia, DC=sise" does not exist. Try searching the entire domain "DC=energia, DC=sise" and see if you get any results.
  • Use the LDAP v3 protocol in Active Directory whenever possible. This must be set before you bind:

    ldap_set_option( $ds, LDAP_OPT_PROTOCOL_VERSION, 3 );

  • I recommend that you also turn off referral processing for LDAP v3, as it sometimes causes some strange behavior for AD:

    ldap_set_option( $ds, LDAP_OPT_REFERRALS, 0 );

When performing a search operation such as this, the “No such object” error usually refers to the fact that the base DN does not exist. If no user matched your filter, the server would return an empty result set.

Hope this helps!

+10
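
The checks listed in this answer, put together as an added PHP example (not code from the question or the answers): it sets protocol v3 and disables referrals before binding, probes the base DN with a base-scope read so that result code 32 (No such object) is reported separately from an empty result, and escapes the mail prefix before it goes into the filter. The function names and the `LDAP_*` environment variables are assumptions made for the example.

```php
<?php
// Added example; ad_connect(), find_users_by_mail() and the LDAP_* variables are hypothetical.
const LDAP_RC_NO_SUCH_OBJECT = 32; // LDAP result code noSuchObject (RFC 4511)

function ad_connect(string $uri, string $bindUser, string $password)
{
    $ds = ldap_connect($uri);
    if ($ds === false) {
        throw new RuntimeException("Invalid LDAP URI: $uri");
    }
    // Both options have to be set before binding.
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    if (!@ldap_bind($ds, $bindUser, $password)) {
        throw new RuntimeException('Bind failed: ' . ldap_error($ds));
    }
    return $ds;
}

function find_users_by_mail($ds, string $baseDn, string $mailPrefix): array
{
    // Base-scope read of the base DN itself, asking for no attributes ("1.1").
    if (@ldap_read($ds, $baseDn, '(objectClass=*)', ['1.1']) === false) {
        if (ldap_errno($ds) === LDAP_RC_NO_SUCH_OBJECT) {
            throw new RuntimeException("Base DN does not exist: $baseDn");
        }
        throw new RuntimeException('Base DN check failed: ' . ldap_error($ds));
    }
    // Escape the caller's value so it cannot alter the filter; the trailing * is ours.
    $safe = ldap_escape($mailPrefix, '', LDAP_ESCAPE_FILTER);
    $sr = @ldap_search($ds, $baseDn, "(&(objectClass=user)(mail=$safe*))", ['cn', 'mail']);
    if ($sr === false) {
        throw new RuntimeException('Search failed: ' . ldap_error($ds));
    }
    $entries = ldap_get_entries($ds, $sr);
    unset($entries['count']);
    return array_values($entries); // empty array: base DN exists, nothing matched
}

// Runs only when connection details are supplied, e.g. LDAP_URI=ldaps://energia.sise
if (getenv('LDAP_URI') !== false) {
    $ds = ad_connect(getenv('LDAP_URI'), (string) getenv('LDAP_USER'), (string) getenv('LDAP_PASS'));
    try {
        $users = find_users_by_mail($ds, (string) getenv('LDAP_BASE'), 'kosmos');
        printf("%d matching entries\n", count($users));
    } catch (RuntimeException $e) {
        fwrite(STDERR, $e->getMessage() . "\n");
    }
    ldap_unbind($ds);
}
```

Pointing `LDAP_BASE` at the domain root first and then at the OU shows which part of the DN is wrong.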

The specified base object "OU=users, OU=nej, DC=energia, DC=sise" does not exist. The base object is the starting point of the search - as a result of the search, only records in the base objects or lower will be returned, with the exception of one-level searches, in which case the base object will not be returned.

Before writing code, use a well-known good tool, for example ldapsearch, to determine the correctness of the required query parameters:

    ldapsearch -h energia.sise -p port-number \
      -D login@energia -w password \
      -b ou=users,ou=nej,dc=energia,dc=sise -s sub \
      '(&)' 1.1

If the above displays an error indicating that the base object does not exist, find the correct base object and try again.

As a side note, not related to the problem of the nonexistent base object, the cn=* filter component is not needed and will increase the search time, since cn=* is a presence filter, that is, records containing the cn attribute will meet the search criteria. If I am not mistaken, the cn attribute is required for the User objectClass, so using the & filter with objectClass=User and cn=* does nothing except make the server spend more time searching.


+4


UPDATE: Using the free version of LDAP Browser (check out here) was good because you can just browse the LDAP server; it helps to understand whether it is possible to bind anonymously, etc. But the biggest advantage was getting the DN (copy and paste). After that, I was able to read the data.

I had the following problems, and here is how I solved them:

Task 1

  • Problem 1: Unable to bind, although I could connect anonymously through LDAP browser software

  • Solution: added the following lines before binding, as described above:

     ldap_set_option( $ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3 );
     ldap_set_option( $ldapconn, LDAP_OPT_REFERRALS, 0 );

    After that, I was able to bind ...

Task 2

  • Problem 2: Cannot find ...

  • Solution: Open the LDAP browser. Check the connection to make sure you can connect to the LDAP server. View an example recording. Right-click and go to Properties, copy the DN and replace it in the code, and here it is!


The original message is shown below:

I can't seem to do a search and use the free version of LDAP Browser 4.5 to make sure everything works ...

This is my code:

    function ldap_anon_connect($ein) {
        $ldaphost = "ldap://link_to_ldap.com";

        // create a connection to ldap server
        $ldapconn = ldap_connect($ldaphost) or die("Couldn't connect to " . $ldaphost);

        if ($ldapconn) {
            ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
            ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);

            // no DN or password given: anonymous bind
            $ldapbind = ldap_bind($ldapconn);

            if ($ldapbind) {
                // if binds, look some stuff up
                $info = ldap_annon_get_profile($ein, $ldapconn);
                return $info;
            } else {
                echo "Invalid EIN. Please Try again";
                die();
            }
        }
    }

    function ldap_annon_get_profile($ein, $ldapconn) {
        // escape the caller-supplied value so it cannot change the filter
        $filter = "(cn=" . ldap_escape($ein, "", LDAP_ESCAPE_FILTER) . ")";
        $justthese = array(
            "cn", "sn", "givenName", "displayName", "mail", "EmployeeClass", "ManagerEIN",
            "mobile", "title", "c", "PersonalTitle"
        );

        $sr = ldap_search($ldapconn, "o=CO,ou=COplc,ou=people", $filter, $justthese);
        $info = ldap_get_entries($ldapconn, $sr);
        return $info;
    }

I double checked my DN = "o=CO,ou=COplc,ou=people", this is the correct line, since I can look for things in the LDAP browser ...

Any ideas?

+1