Query the AD like this:

    $dn = "DC=mydomain,DC=local";
    $group_DN = "CN=Intra,OU=Common Security Groups,DC=mydomain,DC=local";
    $filter = "(&(objectCategory=user)(memberOf=$group_DN))";
    // ...
    $sr = ldap_search($ad, $dn, $filter);

Have a look at the MSDN article about the LDAP search filter syntax for info on more complex filters. Be sure to pay attention to the Special Characters section down on that page. A correct solution must pass $group_DN through an escaping mechanism before using it in the filter string!

Always try to build filters as specific as possible. It is more efficient to let the LDAP server sort out records you don't want, instead of having more records transferred over the wire than you need and throw away half of them on the client.
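An added example (not part of the original answer) of the escaping step the answer calls for, using PHP's ldap_escape() (available since PHP 5.6; the type declarations assume PHP 7). The helpers member_of_filter() and group_dn() and the sample group names are constructed for illustration, and the example goes one step beyond the answer by also DN-escaping a group name before it is placed in the DN.

```php
<?php
// Added example, not from the original answer.
// Requires the ldap extension for ldap_escape().

/**
 * Build the group-membership filter from a group DN, escaping the DN as a
 * filter assertion value (RFC 4515: \ * ( ) and NUL become \HH).
 */
function member_of_filter(string $groupDn): string
{
    $value = ldap_escape($groupDn, '', LDAP_ESCAPE_FILTER);
    return "(&(objectCategory=user)(memberOf=$value))";
}

/**
 * Hypothetical helper: compose a group DN from an untrusted group name.
 * The name is a single RDN value, so it gets DN escaping (RFC 4514) first.
 */
function group_dn(string $groupName, string $parentDn): string
{
    return 'CN=' . ldap_escape($groupName, '', LDAP_ESCAPE_DN) . ',' . $parentDn;
}

$parent = 'OU=Common Security Groups,DC=mydomain,DC=local';

// Constructed sample names containing DN and filter metacharacters.
$names = ['Intra', 'Intra (Bergen)', 'Sales, EMEA', 'R&D *'];

foreach ($names as $name) {
    $dn = group_dn($name, $parent);
    echo $name, "\n  DN:     ", $dn, "\n  filter: ", member_of_filter($dn), "\n";
}

// With a bound connection $ad, as in the answer:
// $sr = ldap_search($ad, 'DC=mydomain,DC=local', member_of_filter($dn));
```

The two escaping passes are not interchangeable: the backslash that DN escaping adds for a comma is itself escaped again when the whole DN is placed in the filter.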
Thanks for the quick response! But when I try to use your filter I get this error: PHP Warning: ldap_search() [function.ldap-search]: Search: Operations error in C:\inetpub\wwwroot\test\test.php on line 33 PHP Warning: ldap_get_entries(): supplied argument is not a valid ldap result resource in C:\inetpub\wwwroot\test\test.php on line 35 – cvack Jul 13 '10 at 10:17

Since I see that you are on Windows, here's a tip. Download Softerra LDAP Browser 2.6 (it's free), connect it to your AD and test your searches with the tool. -- In theory, a base DN of "DC=mydomain,DC=local" should work, though. – Tomalak Jul 13 '10 at 12:47

Thanks. Now I don't know what the hell is going on. I did a search for DN: "DC=mydomain,DC=local" FILTER: "(&(objectCategory=user)(memberOf=CN=Intra,OU=Common Security Groups,DC=mydomain,DC=local))" in the LDAP browser with no problems at all. But when I try to do the same thing in PHP I get this error: "PHP Warning: ldap_search() [function.ldap-search]: Search: Operations error in C:\inetpub\wwwroot\test\test.php on line 17" :( I don't get any errors if I use "OU=Bergen,DC=mydomain,DC=local". But then I have to create a for loop for each OU. – cvack Jul 14 '10 at 7:52

I see you mention Special Characters. Maybe the error has something to do with it. But I'm not sure I understand it :\ – cvack Jul 14 '10 at 7:56

@cvack: See this thread (drupal.org/node/55735), the issue seems to be described there. Scroll to post #9 and see if that helps. Also check your ldap_bind() parameters, usually you bind to AD with a full distinguished name (DN), not with the "user@domain" syntax. – Tomalak Jul 14 '10 at 12:34
Tomalak, I think the problem is that not all users in the Security Group come from the same OU. If I change $dn = "DC=mydomain,DC=local"; to $dn = "OU=Bergen,DC=mydomain,DC=local"; the filter works. But I also have 2 more OUs with users.

Please use the "Answers" section for actual answers to the question (yes, you can answer your own questions). For mere comments, please use the comment feature. – Tomalak Jul 13 '10 at 12:42