Following from my note of 11-Nov-2009 06:56 regarding DN issues when using LDAP instead of the Global Catalog when querying AD, further investigation was showing that although the results were in the packet, I was getting an error instead:
'Search: Can't contact LDAP server' AKA Error 81.
Using more detailed analysis:
ldap_get_option($ds,LDAP_OPT_ERROR_STRING,$error);
echo $error
Displayed:
Referral: ldap://DomainDnsZones.defg.de.bc.ac.uk/ DC=DomainDnsZonesDC=defg,DC=de,DC=abc,DC=ac,DC=uk
By using trial and error, the error went away and results returned when using:
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
