Problem retrieving CN with ldap_search()
Problem retrieving CN with ldap_search()
am 17.02.2010 09:36:39 von Marcel Loose
Hi all,
I've posted this question to comp.lang.php a couple of days ago, but up
till now didn't get a really useful answer. So, here it is:
I' m facing the following problem. I try to retrieve the Common Name
(cn) from an LDAP database, using the commands:
$result = ldap_search($ldap,$basedn, 'mail='.$email, array('dn','cn'));
$entries = ldap_get_entries($ldap, $result);
The weird thing is that $entries[0]['cn'] is empty. I know the search
command succeeded, because $entries[0]['dn'] contains the correct
information. Furthermore, if I issue the following commands:
$result = ldap_search($ldap,$basedn, 'mail='.$email);
$entries = ldap_get_entries($ldap, $result);
var_dump($entries);
I get:
array(2) { ["count"]=> int(1) [0]=> array(24) { ["objectclass"]=>
array(4) { ["count"]=> int(3) [0]=> string(13)
"shadowAccount" [1]=> string(12) "posixAccount" [2]=> string(13)
"inetOrgPerson" } [0]=> string(11) "objectclass" ["gecos"]=>
array(2) { ["count"]=> int(1) [0]=> string(12) "Marcel Loose" }
[1]=> string(5) "gecos" ["uid"]=> array(2) { ["count"]=> int(1)
[0]=> string(5) "loose" } [2]=> string(3) "uid" ["sn"]=> array(2)
{ ["count"]=> int(1) [0]=> string(5) "Loose" } [3]=> string(2)
"sn" ["givenname"]=> array(2) { ["count"]=> int(1) [0]=> string(6)
"Marcel" } [4]=> string(9) "givenname" ["uidnumber"]=> array(2)
{ ["count"]=> int(1) [0]=> string(3) "511" } [5]=> string(9)
"uidnumber" ["mail"]=> array(2) { ["count"]=> int(1) [0]=>
string(15) "lo...@astron.nl" } [6]=> string(4)
"mail" ["gidnumber"]=> array(2) { ["count"]=> int(1) [0]=>
string(4) "1000" } [7]=> string(9)
"gidnumber" ["shadowlastchange"]=> array(2) { ["count"]=> int(1)
[0]=> string(5) "14127" } [8]=> string(16)
"shadowlastchange" ["homedirectory"]=> array(2) { ["count"]=> int(1)
[0]=> string(11) "/home/loose" } [9]=> string(13)
"homedirectory" ["loginshell"]=> array(2) { ["count"]=> int(1)
[0]=> string(9) "/bin/bash" } [10]=> string(10)
"loginshell" ["count"]=> int(11) ["dn"]=> string(35)
"uid=loose,ou=people,dc=astron,dc=nl" } }
As can be seen, the Common Name (cn), is mysteriously missing. The
information IS present in the LDAP database, though. Here's a snippet
of the output of 'slapcat', for the given user:
dn: uid=loose,ou=people,dc=astron,dc=nl
objectClass: shadowAccount
objectClass: posixAccount
objectClass: inetOrgPerson
gecos: Marcel Loose
uid: loose
sn: Loose
givenName: Marcel
structuralObjectClass: inetOrgPerson
entryUUID: 2375bf08-e435-102b-8b97-3952138d3cf7
creatorsName: cn=Manager,dc=astron,dc=nl
createTimestamp: 20070821132115Z
uidNumber: 511
mail: lo...@astron.nl
gidNumber: 1000
shadowLastChange: 14127
cn: Marcel Loose
userPassword:: <########>
homeDirectory: /home/loose
loginShell: /bin/bash
entryCSN: 20100104140045Z#000000#00#000000
modifiersName: cn=Manager,dc=astron,dc=nl
modifyTimestamp: 20100104140045Z
Am I using ldap_search() incorrectly? Or is this a problem with the
PHP-LDAP module? Or is it a caused by a misconfiguration of LDAP?
Best regards,
Marcel Loose.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: Problem retrieving CN with ldap_search()
am 17.02.2010 09:40:58 von list
On 2/17/10, Marcel Loose wrote:
> Hi all,
>
> I've posted this question to comp.lang.php a couple of days ago, but up
> till now didn't get a really useful answer. So, here it is:
>
>
> I' m facing the following problem. I try to retrieve the Common Name
> (cn) from an LDAP database, using the commands:
>
> $result = ldap_search($ldap,$basedn, 'mail='.$email, array('dn','cn'));
> $entries = ldap_get_entries($ldap, $result);
>
> The weird thing is that $entries[0]['cn'] is empty. I know the search
> command succeeded, because $entries[0]['dn'] contains the correct
> information. Furthermore, if I issue the following commands:
>
> $result = ldap_search($ldap,$basedn, 'mail='.$email);
> $entries = ldap_get_entries($ldap, $result);
> var_dump($entries);
>
> I get:
>
> array(2) { ["count"]=> int(1) [0]=> array(24) { ["objectclass"]=>
> array(4) { ["count"]=> int(3) [0]=> string(13)
> "shadowAccount" [1]=> string(12) "posixAccount" [2]=> string(13)
> "inetOrgPerson" } [0]=> string(11) "objectclass" ["gecos"]=>
> array(2) { ["count"]=> int(1) [0]=> string(12) "Marcel Loose" }
> [1]=> string(5) "gecos" ["uid"]=> array(2) { ["count"]=> int(1)
> [0]=> string(5) "loose" } [2]=> string(3) "uid" ["sn"]=> array(2)
> { ["count"]=> int(1) [0]=> string(5) "Loose" } [3]=> string(2)
> "sn" ["givenname"]=> array(2) { ["count"]=> int(1) [0]=> string(6)
> "Marcel" } [4]=> string(9) "givenname" ["uidnumber"]=> array(2)
> { ["count"]=> int(1) [0]=> string(3) "511" } [5]=> string(9)
> "uidnumber" ["mail"]=> array(2) { ["count"]=> int(1) [0]=>
> string(15) "lo...@astron.nl" } [6]=> string(4)
> "mail" ["gidnumber"]=> array(2) { ["count"]=> int(1) [0]=>
> string(4) "1000" } [7]=> string(9)
> "gidnumber" ["shadowlastchange"]=> array(2) { ["count"]=> int(1)
> [0]=> string(5) "14127" } [8]=> string(16)
> "shadowlastchange" ["homedirectory"]=> array(2) { ["count"]=> int(1)
> [0]=> string(11) "/home/loose" } [9]=> string(13)
> "homedirectory" ["loginshell"]=> array(2) { ["count"]=> int(1)
> [0]=> string(9) "/bin/bash" } [10]=> string(10)
> "loginshell" ["count"]=> int(11) ["dn"]=> string(35)
> "uid=loose,ou=people,dc=astron,dc=nl" } }
>
> As can be seen, the Common Name (cn), is mysteriously missing. The
> information IS present in the LDAP database, though. Here's a snippet
> of the output of 'slapcat', for the given user:
>
> dn: uid=loose,ou=people,dc=astron,dc=nl
> objectClass: shadowAccount
> objectClass: posixAccount
> objectClass: inetOrgPerson
> gecos: Marcel Loose
> uid: loose
> sn: Loose
> givenName: Marcel
> structuralObjectClass: inetOrgPerson
> entryUUID: 2375bf08-e435-102b-8b97-3952138d3cf7
> creatorsName: cn=Manager,dc=astron,dc=nl
> createTimestamp: 20070821132115Z
> uidNumber: 511
> mail: lo...@astron.nl
> gidNumber: 1000
> shadowLastChange: 14127
> cn: Marcel Loose
> userPassword:: <########>
> homeDirectory: /home/loose
> loginShell: /bin/bash
> entryCSN: 20100104140045Z#000000#00#000000
> modifiersName: cn=Manager,dc=astron,dc=nl
> modifyTimestamp: 20100104140045Z
>
> Am I using ldap_search() incorrectly? Or is this a problem with the
> PHP-LDAP module? Or is it a caused by a misconfiguration of LDAP?
>
> Best regards,
> Marcel Loose.
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: Problem retrieving CN with ldap_search()
am 18.02.2010 09:25:48 von Marcel Loose
Hi all,
Sorry to reply to myself, but I finally solved the issue. In the end it
turned out it *did* have something to do with the LDAP configuration.
For some reason, retrieval of 'cn' attributes was disallowed, as can be
seen in this snippet from /etc/openldap/slapd.conf:
access to attrs=userPassword,userPKCS12,cn
by self write
by * auth
Removing 'cn' from 'attrs' solved the problem.
Best regards,
Marcel Loose.
On 2/17/10, Marcel Loose wrote:
> Hi all,
>
> I've posted this question to comp.lang.php a couple of days ago, but
up
> till now didn't get a really useful answer. So, here it is:
>
>
> I' m facing the following problem. I try to retrieve the Common Name
> (cn) from an LDAP database, using the commands:
>
> $result = ldap_search($ldap,$basedn, 'mail='.$email,
array('dn','cn'));
> $entries = ldap_get_entries($ldap, $result);
>
> The weird thing is that $entries[0]['cn'] is empty. I know the search
> command succeeded, because $entries[0]['dn'] contains the correct
> information. Furthermore, if I issue the following commands:
>
> $result = ldap_search($ldap,$basedn, 'mail='.$email);
> $entries = ldap_get_entries($ldap, $result);
> var_dump($entries);
>
> I get:
>
> array(2) { ["count"]=> int(1) [0]=> array(24) { ["objectclass"]=>
> array(4) { ["count"]=> int(3) [0]=> string(13)
> "shadowAccount" [1]=> string(12) "posixAccount" [2]=> string(13)
> "inetOrgPerson" } [0]=> string(11) "objectclass" ["gecos"]=>
> array(2) { ["count"]=> int(1) [0]=> string(12) "Marcel Loose" }
> [1]=> string(5) "gecos" ["uid"]=> array(2) { ["count"]=> int(1)
> [0]=> string(5) "loose" } [2]=> string(3) "uid" ["sn"]=> array(2)
> { ["count"]=> int(1) [0]=> string(5) "Loose" } [3]=> string(2)
> "sn" ["givenname"]=> array(2) { ["count"]=> int(1) [0]=> string(6)
> "Marcel" } [4]=> string(9) "givenname" ["uidnumber"]=> array(2)
> { ["count"]=> int(1) [0]=> string(3) "511" } [5]=> string(9)
> "uidnumber" ["mail"]=> array(2) { ["count"]=> int(1) [0]=>
> string(15) "lo...@astron.nl" } [6]=> string(4)
> "mail" ["gidnumber"]=> array(2) { ["count"]=> int(1) [0]=>
> string(4) "1000" } [7]=> string(9)
> "gidnumber" ["shadowlastchange"]=> array(2) { ["count"]=> int(1)
> [0]=> string(5) "14127" } [8]=> string(16)
> "shadowlastchange" ["homedirectory"]=> array(2) { ["count"]=> int(1)
> [0]=> string(11) "/home/loose" } [9]=> string(13)
> "homedirectory" ["loginshell"]=> array(2) { ["count"]=> int(1)
> [0]=> string(9) "/bin/bash" } [10]=> string(10)
> "loginshell" ["count"]=> int(11) ["dn"]=> string(35)
> "uid=loose,ou=people,dc=astron,dc=nl" } }
>
> As can be seen, the Common Name (cn), is mysteriously missing. The
> information IS present in the LDAP database, though. Here's a snippet
> of the output of 'slapcat', for the given user:
>
> dn: uid=loose,ou=people,dc=astron,dc=nl
> objectClass: shadowAccount
> objectClass: posixAccount
> objectClass: inetOrgPerson
> gecos: Marcel Loose
> uid: loose
> sn: Loose
> givenName: Marcel
> structuralObjectClass: inetOrgPerson
> entryUUID: 2375bf08-e435-102b-8b97-3952138d3cf7
> creatorsName: cn=Manager,dc=astron,dc=nl
> createTimestamp: 20070821132115Z
> uidNumber: 511
> mail: lo...@astron.nl
> gidNumber: 1000
> shadowLastChange: 14127
> cn: Marcel Loose
> userPassword:: <########>
> homeDirectory: /home/loose
> loginShell: /bin/bash
> entryCSN: 20100104140045Z#000000#00#000000
> modifiersName: cn=Manager,dc=astron,dc=nl
> modifyTimestamp: 20100104140045Z
>
> Am I using ldap_search() incorrectly? Or is this a problem with the
> PHP-LDAP module? Or is it a caused by a misconfiguration of LDAP?
>
> Best regards,
> Marcel Loose.
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php