Beware of the case sensitivity in php and LDAP/AD connections!

Ok, things do not behave always as they should!
One of those frustrations is case sensitivity when you try use ldap queries from php code.
Consider the following example:
<?php
$ldapuser = "user";
$ldappass = "pass";
$basedn = "OU=People,DC=staff,DC=company,DC=com";
$domain = "staff.company.com";
$ldaphost = "ldap.staff.company.com";
$filter="(&(objectclass=person)(sAMAccountName=$ldapuser))";
$LDAPFieldsToFind = array("cn", "mail", "sAMAccountName");

// connect to ldap server
$ldapconn = ldap_connect($ldaphost);

// Setting Active Directory
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);

// binding to ldap server
$ldapbind = @ldap_bind($ldapconn, "{$ldapuser}@{$domain}", $ldappass);
echo "\nSearching in base_dn $basedn - filter: $filter\n";
$userdetails = ldap_search($ldapconn, $basedn, $filter, $LDAPFieldsToFind);
$info = ldap_get_entries($ldapconn, $userdetails);

  for ($x=0; $x<$info["count"]; $x++) {
    $email=$info[$x]['mail'][0];
    $nam=$info[$x]['cn'][0];
    $samaccountname=$info[$x]["sAMAccountName"][0];
      print "\nCN is: $nam \n";
      print "Mail is: $email\n";
      print "Uid: $samaccountname\n";
  }
?>

Although the above piece of code is perfectly right, you won't get any results!

You will also get a message similar to:
PHP Notice:  Undefined index: sAMAccountName in xxx.php on line xxx

Why?? Because for some strange reason, the attributes should be in lower case.
Therefore if you change sAMAccountName to samaccountname everything will work as expected...

The lines that should modified are:
$filter="(&(objectclass=person)(samaccountname=$ldapuser))";
$LDAPFieldsToFind = array("cn", "mail", "samaccountname"); 
$samaccountname=$info[$x]["samaccountname"][0];
Try it for yourself, and post your comments in case you experience something different...

4 comments:

  1. Yes! I met the same issue...
    It's weird.

    ReplyDelete
  2. there is no result because the sensitive case for the letters
    how can i let ignore the case letters

    ReplyDelete
  3. BlueHost is the best hosting company for any hosting services you might require.

    ReplyDelete