I am successfully querying our Active Directory for a user with the following code:
$filter = (&(objectCategory=person)(samaccountname=someusername)); $fields = array("samaccountname","mail","manager","department","displayname","objectGUID"); $user = ldap_search($ldapconnection, $baseDn, $filter, $fields);
The resulting array gives this value for the
This looks like a distinguishedName to me. But when I try to query for the manager’s record,
$filter = (&(objectCategory=person)(dn='CN=McBossy, Boss,OU=Users,OU=CentralOffice,DC=ds,DC=example,DC=com')); $manager = ldap_search($ldapconnection, $baseDn, $filter, $fields);
the query fails with
PHP Warning: ldap_search(): Search: Bad search filter
I’ve tried a number of possibilities including different quotation, more parentheses, using
distinguishedName rather than
What am I doing wrong and what is the right way to get the manager’s record?
dn is not an attribute. Only attribute types, OIDs, and names can be used in filters.
When you get the
manager attribute, to get the attributes for the DN that is the manager, use the value of the
manager attribute as the base object in a search request. Set the scope of the search to
BASE, the filter to either
(objectClass=*) and request the attributes required. Then transmit the search request to the server and interpret the response.