Ldap filter for outstandingName

Question

Ldap filter for outstandingName

I successfully query our Active Directory for a user with the following code:

$filter = (&(objectCategory=person)(samaccountname=someusername)); $fields = array("samaccountname","mail","manager","department","displayname","objectGUID"); $user = ldap_search($ldapconnection, $baseDn, $filter, $fields);

The resulting array gives this value for the manager attribute:

 CN=McBossy\, Boss,OU=Users,OU=CentralOffice,DC=ds,DC=example,DC=com

For me, it looks like a distinguished name. But when I try to request a manager entry,

 $filter = (&(objectCategory=person)(dn='CN=McBossy\, Boss,OU=Users,OU=CentralOffice,DC=ds,DC=example,DC=com')); $manager = ldap_search($ldapconnection, $baseDn, $filter, $fields);

request fails with PHP Warning: ldap_search(): Search: Bad search filter error PHP Warning: ldap_search(): Search: Bad search filter

I tried several possibilities, including different quotes, more brackets using distinguishedName , not dn , etc.

What am I doing wrong and how to choose the right manager entry?

+4

php ldap ldap-query

dnagirl Jun 25 '13 at 17:39

source share

1 answer

Terry gardner · Accepted Answer · 2013-06-25T18:14:24+0000

dn not an attribute. Only attribute types, OIDs, and names can be used in filters.

When you get the manager attribute to get the attributes for the DN, which is the manager, use the value of the manager attribute as the base object in the search request. Specify a BASE search scope, a filter of either (&) or (objectClass=*) and request the necessary attributes. Then send the search request to the server and interpret the response.

Ldap filter for outstandingName

More articles: