Open alorbach opened 1 year ago
Details, could be made configurable:
The LDAP_OPT_REFERRALS option in LDAP connections is used to handle referrals automatically. A referral in LDAP is a type of response from the server indicating that the client should look elsewhere to fulfill its request. This often happens in distributed LDAP environments, where no single server has a complete view of the entire directory.
However, when connecting to a Windows Server (like the 2012 version in your question), you might be using Simple Bind to authenticate via LDAP, which is a common method. When Simple Bind is used with Microsoft's Active Directory, it doesn't handle LDAP referrals properly. If your application follows the referral to another domain controller, it will attempt to authenticate anonymously, which often fails if anonymous binds are not allowed in your Active Directory environment.
Therefore, the setting
ldap_set_option($ldapConn, LDAP_OPT_REFERRALS, 0);
is used to disable automatic referral following in the PHP LDAP library. The 0 means "no", so it turns off referrals. This allows the Simple Bind to authenticate correctly without getting tripped up by referrals.
In general, setting LDAP_OPT_REFERRALS to 0 is a common practice when dealing with Microsoft's Active Directory, and it's often necessary to allow the authentication to proceed properly.
Add to functions_users.php at line 302:
ldap_set_option($ldapConn, LDAP_OPT_REFERRALS, 0);
TODO: Check why this setting should be enabled / disabled.
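One way the referral setting from this issue could be made configurable, written as an added example that is not the project's own code. The function name, the config keys (`uri`, `follow_referrals`, `timeout`), the host and the bind DN are hypothetical; the empty-password check goes beyond the issue text and is included because a simple bind with an empty password becomes an unauthenticated bind.

```php
<?php
// Added example, not project code. Function name, config keys, host and
// bind DN are hypothetical. Requires the PHP ldap extension.
function ldapSimpleBind(array $cfg, string $bindDn, string $password)
{
    // An empty password turns a simple bind into an unauthenticated bind,
    // which many servers report as success; refuse it up front.
    if ($bindDn === '' || $password === '') {
        throw new InvalidArgumentException('Bind DN and password are required');
    }

    $conn = ldap_connect($cfg['uri']);
    if ($conn === false) {
        throw new RuntimeException('Invalid LDAP URI: ' . $cfg['uri']);
    }

    // Set options before ldap_bind(). Referral chasing is off unless the
    // (hypothetical) follow_referrals setting enables it explicitly.
    $options = [
        LDAP_OPT_PROTOCOL_VERSION => 3,
        LDAP_OPT_REFERRALS        => !empty($cfg['follow_referrals']) ? 1 : 0,
        LDAP_OPT_NETWORK_TIMEOUT  => (int)($cfg['timeout'] ?? 5),
    ];
    foreach ($options as $opt => $value) {
        if (!ldap_set_option($conn, $opt, $value)) {
            throw new RuntimeException("Could not set LDAP option $opt");
        }
    }

    // @ suppresses the PHP warning; the failure is reported via the exception.
    if (!@ldap_bind($conn, $bindDn, $password)) {
        $msg = ldap_error($conn);
        ldap_unbind($conn);
        throw new RuntimeException('LDAP bind failed: ' . $msg);
    }
    return $conn;
}

// Constructed sample settings; the password comes from the environment.
$cfg = ['uri' => 'ldaps://dc1.example.test', 'follow_referrals' => false];
try {
    $conn = ldapSimpleBind($cfg, 'CN=svc-reader,OU=Service,DC=example,DC=test',
        getenv('LDAP_BIND_PW') ?: '');
    ldap_unbind($conn);
} catch (Exception $e) {
    error_log($e->getMessage());
}
```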