jvillafanez
commented
7 years ago Might be worthy to have a look at https://pear.php.net/manual/en/package.networking.net-ldap2.filter.php to handle everything related to the LDAP filters.
Open butonic opened 7 years ago
jvillafanez
commented
7 years ago Might be worthy to have a look at https://pear.php.net/manual/en/package.networking.net-ldap2.filter.php to handle everything related to the LDAP filters.
a broken loginfilter might otherwise cause the ldap query to hang.
while
(&(objectclass=person))(|(mail=%uid)(samaccountname=%uid)))looks ok at first glance actually only(&(objectclass=person))will be used. using ldapsearch on the cli the queryparsing will end with a bad request error. if you useocc ldap:searchit will hang. might be caused by ad.the correct string in this case is missing a
(&at the beginning:(&(&(objectclass=person))(|(mail=%uid)(samaccountname=%uid))).The ugly part is that there is no errer message whatsoever anywhere ... if you manually add
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);to theLDAP::preFunctionCall()you can get the query parsing on the cli.@dercorn can you add a config that was broken? or send it to me and I'll clean it up to only show the problematic entries.
see https://tools.ietf.org/search/rfc2254#section-4 for a ABNF for parsing the filter