I have an Active Directory structure where User objects reside in OUs, for example IT, Technical, HR, Accounts, etc. I want to write a PHP script that authenticates the user
If you try to perform the searches on Windows 2003 Server Active Directory or above, it seems that you have to set the LDAP_OPT_REFERRALS option to 0:
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
Without this, you will get "Operations error" if you try to search the whole AD (using the root of the domain as $base_dn).
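One way to do what the question asks with the options from the answer above, as an added example that is not code from the original posts: look the user up from the domain root with a lookup account, then bind as the DN that was found. The host, base DN, service account DN and the function names `ad_connect` and `ad_authenticate` are assumptions.

```php
<?php
// Added example. All three constants are placeholders, not values from the page.
const AD_URI  = 'ldaps://dc.example.com';   // LDAPS so the password is not sent in clear
const BASE_DN = 'DC=example,DC=com';        // domain root, so every OU is covered
const SVC_DN  = 'CN=svc-ldap,OU=Service,DC=example,DC=com'; // read-only lookup account

function ad_connect()
{
    $ldap = ldap_connect(AD_URI);
    if ($ldap === false) {
        throw new RuntimeException('Invalid LDAP URI');
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0); // needed to search from the domain root
    return $ldap;
}

function ad_authenticate(string $username, string $password, string $svcPassword): bool
{
    // A simple bind with an empty password is an unauthenticated bind and can
    // report success, so reject it before talking to the directory.
    if ($username === '' || $password === '') {
        return false;
    }
    $ldap = ad_connect();
    if (!@ldap_bind($ldap, SVC_DN, $svcPassword)) {
        throw new RuntimeException('Service bind failed: ' . ldap_error($ldap));
    }
    // Escape the user-supplied value so it cannot change the search filter.
    $filter = sprintf(
        '(&(objectCategory=person)(objectClass=user)(sAMAccountName=%s))',
        ldap_escape($username, '', LDAP_ESCAPE_FILTER)
    );
    // ldap_search() uses subtree scope: the user is found in whichever OU it lives.
    // The size limit of 2 is enough to tell "exactly one match" from "ambiguous".
    $result  = @ldap_search($ldap, BASE_DN, $filter, ['sAMAccountName'], 0, 2);
    $entries = $result ? ldap_get_entries($ldap, $result) : ['count' => 0];
    ldap_unbind($ldap);
    if ($entries['count'] !== 1) {
        return false; // unknown or ambiguous account: same answer as a wrong password
    }
    // Verify the password by binding as the DN that the search returned.
    $userLdap = ad_connect();
    $ok = @ldap_bind($userLdap, $entries[0]['dn'], $password);
    ldap_unbind($userLdap);
    return $ok;
}
```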
In LDAP directories in general, any node can be under any node (a user is a node, an OU is a node).
But Active Directory behaves in a different way: the schema defines in which container an object can exist. So, if you look for a user, the superiors allowed are builtinDomain, domainDNS and organizationalUnit, as you can see below: