1

In some situations ldap_get_entries returns an array with element count=zero, so I have an array like array('count'=>0) without any further entries.

What are the conditions for this to happen?

PS:

  • if the OU I am searching in is empty I am getting a different error (Invalid Base DN)
  • if the user doesn't have permissions to an OU I am getting the same error as above

EDIT:

  • the PHP code is irrelevant, since I can do all kinds of searches with it and the above mentioned problem happens only in some strange Active Directory configurations
  • if you still insist... $entries = ldap_get_entries($this->ldap_connection, $search_result);
  • ldap_get_entries returns in most of the cases what I expect it to return with proper errors

So, to restate my question, what are the conditions for ldap_get_entries to return an array with count=0, without any errors. By condition I mean:

  • Active Directory rights and permissions
  • user permissions
  • OU permissions (aka Security tab)
  • any PHP related information on when this can happen

Thanks

EDIT2 - as requested, here is the rest of the code:

public function connect() {

    // connect to the server
    $this->ldap_connection = ldap_connect($this->ldap_server);
    if (!$this->ldap_connection){
        // no connection handle exists here, so ldap_error() cannot be called on it
        $error_message= "LDAP-Connect-Error: could not create a connection to " . $this->ldap_server . ".";
        throw new RuntimeErrorException($error_message);
    }

    // set protocol version
    if (!ldap_set_option($this->ldap_connection, LDAP_OPT_PROTOCOL_VERSION, $this->ldap_protocol_version)){
        $error_message= "LDAP-SetProtocolVersion-Error: " . ldap_error($this->ldap_connection) . ".";
        throw new RuntimeErrorException($error_message);
    }

    // set with/without referrals (limit/do not limit search on current server)
    if (!ldap_set_option($this->ldap_connection, LDAP_OPT_REFERRALS, $this->ldap_protocol_referrals)){
        $error_message= "LDAP-SetReferrals-Error: " . ldap_error($this->ldap_connection) . ".";
        throw new RuntimeErrorException($error_message);
    }

    // binding to ldap server
    if (!@ldap_bind($this->ldap_connection, $this->ldap_auth_rdn, $this->ldap_auth_pass)){
        $error_message= "LDAP-Bind-Error: " . ldap_error($this->ldap_connection) . ".";
        throw new RuntimeErrorException($error_message);
    }
}

public function search($filter,$fields){
    if (!$this->ldap_connection) {
        $this->connect();
    }

    // search the ldap
    $search_result = @ldap_search($this->ldap_connection, $this->ldap_base_distinguished_name, $filter,$fields);
    if ($search_result===false){
        $error_message= "LDAP-Error: " . ldap_error($this->ldap_connection) . ".";
        throw new RuntimeErrorException($error_message);
    }

    //Create result set
    $entries = ldap_get_entries($this->ldap_connection, $search_result);
    if ($entries === false ){
        $error_message= "LDAP-Error: " . ldap_error($this->ldap_connection) . ".";
        throw new RuntimeErrorException($error_message);
    }

    return (is_null($entries) ? array() : $entries); // http://bugs.php.net/48469
}
1
  • Your PHP code is relevant. We don't know how you're setting up the connection. There are certain options for AD that you need to set in your PHP code for example. Commented Apr 12, 2011 at 17:47

3 Answers

1

It seems like ldap_connect is successfully connecting to your server.

I think the problem is with the ldap_base_distinguished_name param from ldap_search, make sure that it's correct and you have that base distinguished name in your AD tree.


1

It means what you are searching for didn't return results either because it isn't there or you aren't searching correctly for it.

4 Comments

Use a visual LDAP browser to make sure the data's there before you drive yourself mad!
So, here is an example, with a user if I search the server's base dn, I am getting count=0 and absolutely no errors. I want to understand what is the condition for this to happen.
@Emyr: this is an isolated network on the other side of the world, unfortunately I do not have access to anything more than a Linux based network appliance with PHP support.
@Patkos, edit your question and throw up the code you are using. That way we aren't blind.
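
One way to tell "nothing there" apart from the other cases that also yield count=0, added here as an example (not code from the question or from any answer): read the server's result code, referrals and continuation references from the search result before calling ldap_get_entries. The helper names classify_search() and explain_search() and the sample values are assumptions made for illustration.

```php
<?php
// Added example; classify_search() and explain_search() are hypothetical helper names.

// Pure decision logic: what the server's answer means for an empty entry list.
function classify_search(int $code, int $entries, array $referrals, int $references): string
{
    if ($code === 10 || $referrals !== []) {   // 10 = LDAP "referral"
        return 'referral: the server points to another server for this base DN';
    }
    if ($code === 4 || $code === 11) {         // size limit / admin limit exceeded
        return 'partial: a server-side limit cut the result short';
    }
    if ($code !== 0) {
        return "error: LDAP result code $code";
    }
    if ($entries === 0 && $references > 0) {
        return 'references-only: no entries, only continuation references';
    }
    if ($entries === 0) {
        return 'empty: success, but nothing matched or nothing is readable by the bound account';
    }
    return "ok: $entries entries";
}

// Reads the values above from a live search result (requires ext-ldap).
function explain_search($conn, $result): string
{
    $code = 0; $matchedDn = ''; $message = ''; $referrals = [];
    if (!ldap_parse_result($conn, $result, $code, $matchedDn, $message, $referrals)) {
        return 'error: ' . ldap_error($conn);
    }
    $references = 0;
    for ($r = ldap_first_reference($conn, $result); $r !== false; $r = ldap_next_reference($conn, $r)) {
        $references++;
    }
    $entries = ldap_count_entries($conn, $result);
    return classify_search($code, $entries, (array) $referrals, $references)
        . ((string) $message !== '' ? " ($message)" : '');
}

// Constructed samples, no server needed: [code, entries, referrals, references]
$samples = [[0, 0, [], 0], [0, 0, [], 3], [10, 0, ['ldap://dc2.example.test/'], 0], [4, 1000, [], 0]];
foreach ($samples as $s) {
    echo classify_search(...$s), PHP_EOL;
}
```

In the question's search() method, explain_search($this->ldap_connection, $search_result) would be called right after ldap_search() succeeds and its string logged alongside the bind DN and base DN.
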
0
$ldap = new stdClass;
$ldap->host = 'YOUR_HOST';
$ldap->port = 'PORT';
$ldap->user = 'YOUR_USER';
$ldap->pass = 'YOUR_PASS';
$ldap->dn  = "CN=Users,DC=DOMAIN,DC=COM,DC=br";
$ldap->filter = '(sAMAccountName=YOUR_USER_NAME)';

try {
    $ldap->conn = ldap_connect($ldap->host, $ldap->port);
    // set options before binding so that they apply to the bind as well
    $ldap->option[] = ldap_set_option($ldap->conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    $ldap->option[] = ldap_set_option($ldap->conn, LDAP_OPT_REFERRALS, 0);
    $ldap->bind = ldap_bind($ldap->conn, $ldap->user, $ldap->pass);
    // search below the base DN and fetch the matching entries
    $ldap->search = ldap_search($ldap->conn, $ldap->dn, $ldap->filter);
    $ldap->info = ldap_get_entries($ldap->conn, $ldap->search);
    var_dump($ldap);
} catch (Exception $error_message) {
    throw new RuntimeErrorException($error_message);
}

1 Comment

In your post, please explain your answer along with your posted code to make it more understandable to visitors of this question.
