ldap filter for distinguishedName


dn is not an attribute. Only attribute types, OIDs, and names can be used in filters.

When you get the manager attribute, to get the attributes for the DN that is the manager, use the value of the manager attribute as the base object in a search request. Set the scope of the search to BASE, the filter to either (&) or (objectClass=*) and request the attributes required. Then transmit the search request to the server and interpret the response.
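As an added example (not Terry Gardner's code and not the questioner's), here is the two-step lookup the answer describes, written against PHP's ext/ldap API that the question already uses: a filtered search for the user, then a base-scope read with the manager's DN as the base object. The host, bind account, base DN and username are placeholders; the attribute list is the one from the question.

```php
<?php
// Added example: look up a user, then the user's manager, following the
// accepted answer. Host, bind DN, password source, $baseDn and $username
// are placeholders, not values from the original post.

$ldapconnection = ldap_connect('ldaps://dc.example.com');   // placeholder host
ldap_set_option($ldapconnection, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconnection, LDAP_OPT_REFERRALS, 0);     // AD returns referrals for other partitions
if (!ldap_bind($ldapconnection, 'svc-ldap@ds.example.com', getenv('LDAP_PASSWORD'))) {
    die('bind failed: ' . ldap_error($ldapconnection));
}

$baseDn   = 'DC=ds,DC=example,DC=com';
$username = 'someusername';
$fields   = ['samaccountname', 'mail', 'manager', 'department', 'displayname', 'objectguid'];

// Step 1: find the user by sAMAccountName. The username comes from outside,
// so it goes through ldap_escape(): the filter metacharacters ( ) * \ NUL are
// encoded and a value such as "*)(objectClass=*" cannot widen the search.
$filter = sprintf('(&(objectCategory=person)(sAMAccountName=%s))',
                  ldap_escape($username, '', LDAP_ESCAPE_FILTER));
$result = ldap_search($ldapconnection, $baseDn, $filter, $fields);
$user   = ldap_get_entries($ldapconnection, $result);   // attribute keys come back lowercased
ldap_free_result($result);

if ($user['count'] !== 1 || empty($user[0]['manager'][0])) {
    die('user not found, not unique, or has no manager attribute');
}
$managerDn = $user[0]['manager'][0];   // e.g. "CN=McBossy\, Boss,OU=Users,OU=CentralOffice,DC=ds,DC=example,DC=com"

// Step 2: the manager value is a DN, i.e. the location of an entry, not a
// value to match in a filter. Use it as the base object of a scope=BASE
// search (ldap_read in PHP) with a filter that matches the entry itself.
// Nothing from the DN is ever interpolated into a filter string, so the
// backslash in "\," needs no special handling here.
$result  = ldap_read($ldapconnection, $managerDn, '(objectClass=*)', $fields);
$manager = ldap_get_entries($ldapconnection, $result);
ldap_free_result($result);

if ($manager['count'] === 1) {
    printf("%s reports to %s <%s>\n",
           $user[0]['displayname'][0],
           $manager[0]['displayname'][0],
           $manager[0]['mail'][0] ?? '(no mail attribute)');
}

ldap_unbind($ldapconnection);
```

ldap_read() is PHP's name for a base-scope search, so it is the same request the answer describes (scope BASE, filter (objectClass=*), base object = the DN). If a DN does have to be matched inside a filter against a DN-syntax attribute, the value must go through ldap_escape() with LDAP_ESCAPE_FILTER as well: the backslash in "\," and any parentheses in a CN are filter metacharacters, which is why unescaped DNs produce "Bad search filter".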

Author: dnagirl

Updated on March 16, 2021

Comments

  • dnagirl about 3 years

    I am successfully querying our Active Directory for a user with the following code:

    // Filter and attribute list must be PHP strings; the filter finds one person by sAMAccountName.
    $filter = "(&(objectCategory=person)(samaccountname=someusername))";
    $fields = array("samaccountname","mail","manager","department","displayname","objectGUID");

    $user = ldap_search($ldapconnection, $baseDn, $filter, $fields);

    The resulting array gives this value for the manager attribute:

    CN=McBossy\, Boss,OU=Users,OU=CentralOffice,DC=ds,DC=example,DC=com
    

    This looks like a distinguishedName to me. But when I try to query for the manager's record,

    // The failing attempt: the manager's DN is placed inside the filter as if "dn" were an attribute.
    $filter = "(&(objectCategory=person)(dn='CN=McBossy\, Boss,OU=Users,OU=CentralOffice,DC=ds,DC=example,DC=com'))";

    $manager = ldap_search($ldapconnection, $baseDn, $filter, $fields);

    the query fails with "PHP Warning: ldap_search(): Search: Bad search filter".

    I've tried a number of possibilities including different quotation, more parentheses, using distinguishedName rather than dn, etc.

    What am I doing wrong and what is the right way to get the manager's record?

  • dnagirl almost 11 years
    ok. Then, given that the only link to a user's manager (so far as I know) is the manager attribute, how do I use that information to get the manager's user record?
  • dnagirl almost 11 years
    Wouldn't that find all the people who had my current user as a manager? I want to get the manager of my current user. Sorry if I'm being thick.
  • Terry Gardner almost 11 years
    Yes, it would. I re-read your question and updated my answer.
  • Brian Ashe over 4 years
    Hi, I'm in the same boat -- I can query a user by email, get their manager in the result, then I want to get their manager's manager, but all I have to work with from the first AD result is "CN=McBossy\, Boss,OU=Users,OU=CentralOffice,DC=ds,DC=example,DC=com". I don't know enough about AD to make use of this answer. I understand when you say that you can't search by DN, but how do I "set the scope of the search to BASE"? I'm using almost the same code as @dnagirl to start.
  • dnagirl over 4 years
    @BrianAshe, php's ldap_search is a wrapper for ldapsearch. To understand the options, have a look here: access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/… You're probably most interested in the -b option
  • Peter Thoeny almost 4 years
    The full DN in the search filter did not work for me until I escaped special characters (in my case parenthesis) - see stackoverflow.com/questions/4827263/…