Beware of the case sensitivity in php and LDAP/AD connections!

Ok, things do not behave always as they should!
One of those frustrations is case sensitivity when you try use ldap queries from php code.
Consider the following example:
<?php
$ldapuser = "user";
$ldappass = "pass";
$basedn = "OU=People,DC=staff,DC=company,DC=com";
$domain = "staff.company.com";
$ldaphost = "ldap.staff.company.com";
$filter="(&(objectclass=person)(sAMAccountName=$ldapuser))";
$LDAPFieldsToFind = array("cn", "mail", "sAMAccountName");

// connect to ldap server
$ldapconn = ldap_connect($ldaphost);

// Setting Active Directory
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);

// binding to ldap server
$ldapbind = @ldap_bind($ldapconn, "{$ldapuser}@{$domain}", $ldappass);
echo "\nSearching in base_dn $basedn - filter: $filter\n";
$userdetails = ldap_search($ldapconn, $basedn, $filter, $LDAPFieldsToFind);
$info = ldap_get_entries($ldapconn, $userdetails);

  for ($x=0; $x<$info["count"]; $x++) {
    $email=$info[$x]['mail'][0];
    $nam=$info[$x]['cn'][0];
    $samaccountname=$info[$x]["sAMAccountName"][0];
      print "\nCN is: $nam \n";
      print "Mail is: $email\n";
      print "Uid: $samaccountname\n";
  }
?>

Although the above piece of code is perfectly right, you won't get any results!

You will also get a message similar to:
PHP Notice:  Undefined index: sAMAccountName in xxx.php on line xxx

Why?? Because for some strange reason, the attributes should be in lower case.
Therefore if you change sAMAccountName to samaccountname everything will work as expected...

The lines that should modified are:
$filter="(&(objectclass=person)(samaccountname=$ldapuser))";
$LDAPFieldsToFind = array("cn", "mail", "samaccountname"); 
$samaccountname=$info[$x]["samaccountname"][0];
Try it for yourself, and post your comments in case you experience something different...

4 comments:

  1. Yes! I met the same issue...
    It's weird.

    ReplyDelete
  2. there is no result because the sensitive case for the letters
    how can i let ignore the case letters

    ReplyDelete
  3. Jackpot City - Review, Ratings, Games, Customer Service
    With our Jackpot City review, you'll 엠비션주소 learn all 토토 사이트 넷마블 you need to 벳 플릭스 know about Jackpot City, from 강원 랜드 여자 welcome bonuses and banking options. w88

    ReplyDelete