Interesting point,
if you can't bind to Active Directory with the error "49: Invalid Credentials", you can get the extended error output from the ldap_get_option function, using the option: LDAP_OPT_DIAGNOSTIC_MESSAGE. Unfortunately PHP hasn't defined this by default, but its value is 0x0032.
This is useful if a user must change their password at first login (Data: 773), or if their account has expired on the network (Data: 532).
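<?php
// Define the option only if this PHP build has not already done so (value 0x0032).
if (!defined('LDAP_OPT_DIAGNOSTIC_MESSAGE')) {
    define('LDAP_OPT_DIAGNOSTIC_MESSAGE', 0x0032);
}

$handle = ldap_connect('ldap://active.directory.server/');
$bind = ldap_bind($handle, 'user', 'expiredpass');

// ldap_bind() returns false on failure, so report only when the bind failed.
if (!$bind) {
    // Ask the server for the extended text behind "49: Invalid Credentials".
    if (ldap_get_option($handle, LDAP_OPT_DIAGNOSTIC_MESSAGE, $extended_error)) {
        echo "Error Binding to LDAP: $extended_error";
    } else {
        echo "Error Binding to LDAP: No additional information is available.";
    }
}
?>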
Or something to that effect..
It took me a while to work this one out, so I figured I'd share my results..
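
Added example, not part of the original post: the extended error text from Active Directory carries the sub-status after the word "data" (the 773 and 532 mentioned above), and this sketch extracts it, logs the reason server-side and keeps the message shown to the user generic. The helper name, the sample messages and the choice of which codes get their own user-facing message are assumptions; the table uses the Win32 error names for those hex values.

```php
<?php
// Sub-status codes AD places after "data" in the diagnostic message.
// They are hex Win32 error codes (0x532 = ERROR_PASSWORD_EXPIRED).
const AD_BIND_SUBSTATUS = [
    '525' => 'ERROR_NO_SUCH_USER',
    '52e' => 'ERROR_LOGON_FAILURE',
    '530' => 'ERROR_INVALID_LOGON_HOURS',
    '531' => 'ERROR_INVALID_WORKSTATION',
    '532' => 'ERROR_PASSWORD_EXPIRED',
    '533' => 'ERROR_ACCOUNT_DISABLED',
    '701' => 'ERROR_ACCOUNT_EXPIRED',
    '773' => 'ERROR_PASSWORD_MUST_CHANGE',
    '775' => 'ERROR_ACCOUNT_LOCKED_OUT',
];

// Hypothetical helper: returns the code, a reason for the server-side log,
// and a message that is safe to show on the login form.
function classify_ad_bind_failure(string $diagnostic): array
{
    $code = null;
    if (preg_match('/\bdata\s+([0-9a-f]{3,4})\b/i', $diagnostic, $m)) {
        $code = strtolower($m[1]);
    }
    $reason = $code !== null ? (AD_BIND_SUBSTATUS[$code] ?? 'UNKNOWN') : 'UNKNOWN';
    // Only the password-change cases get a distinct user-facing message;
    // everything else stays generic so the form does not reveal whether an
    // account exists, is disabled or is locked.
    $needsChange = in_array($code, ['532', '773'], true);
    return [
        'code'         => $code,
        'log_reason'   => $reason,
        'user_message' => $needsChange
            ? 'Your password must be changed before you can sign in.'
            : 'Invalid username or password.',
    ];
}

// Constructed sample messages (DSID and version fields are placeholders).
$samples = [
    '80090308: LdapErr: DSID-00000000, comment: AcceptSecurityContext error, data 773, v0000',
    '80090308: LdapErr: DSID-00000000, comment: AcceptSecurityContext error, data 52e, v0000',
    '',  // server returned no diagnostic text
];
foreach ($samples as $s) {
    $r = classify_ad_bind_failure($s);
    error_log(sprintf('bind failed: code=%s reason=%s', $r['code'] ?? '-', $r['log_reason']));
    echo $r['user_message'], PHP_EOL;
}
```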