View Issue Details

ID: 0007620
Project: mantisbt
Category: ldap
View Status: public
Last Update: 2010-04-23 23:22
Reporter: eiben
Assigned To: vboctor
Priority: normal
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 1.1.0a1
Fixed in Version: 1.2.0rc2
Summary: 0007620: ldap_search: Operation Error
Description

While logging in to mantis using ldap I always receive an error in line 124 in the file core\ldap_api.php.

I found that inserting

ldap_set_option($t_ds, LDAP_OPT_REFERRALS, 0);

in line 29 in core\ldap_api.php seems to fix the problem.

Additional Information

I'm running Mantis on Windows 2003 Server, using IIS 6.0 and validating using ldap and Active Directory.

Tags: patch

Relationships

has duplicate 0010617 (closed, vboctor): LDAP login not work on AD
related to 0007432 (closed, vboctor): LDAP integration with Active Directory

Activities

ryandesign

2006-11-29 13:51

reporter   ~0013761

Exactly what error do you receive without this addition?

eiben

2006-11-30 03:28

reporter   ~0013763

Last edited: 2009-10-12 05:13

ldap_search() [function.ldap-search]: Search: Operations error

Full path: E:\mantis\mantis-1.1.0a1\core\ldap_api.php
Line: 126
Function: ldap_search
Args: ( , 'dc=subdomain,dc=domain,dc=com', '(&(sAMAccountName=eiben))', { [0] => 'sAMAccountName', [1] => 'dn' } )

Is that sufficient?

edwardgao

2007-03-20 12:46

reporter   ~0014216

Last edited: 2007-03-20 12:46

eiben: Would you please share with me your experience of configuring Mantis?

I have exactly the same environment as you do, but I cannot make LDAP work.

Specifically, I am not sure how to set these parameters and I am not sure what else I need to do.

--- using openldap -------------

$g_ldap_server          = 'ldap://ldap.xxx.com';
$g_ldap_port            = '399';
$g_ldap_root_dn         = 'OU=Departments,DC=xxxx,DC=com';
#$g_ldap_organization   = '';    # e.g. '(organizationname=*Traffic)'
$g_ldap_uid_field       = 'sAMAccountName'; # 'cn' 'uid' Use 'sAMAccountName' for Active Directory
$g_ldap_bind_dn         = 'CN=xxxx';#,OU=Departments,DC=xxxxx,DC=com
$g_ldap_bind_passwd     = 'xxxxxxx';
$g_use_ldap_email       = ON; 
$g_ldap_protocol_version = 0;

You may email me: edward.gao at gmail.com. Thanks a lot.

kmdean

2007-03-20 13:47

reporter   ~0014218

I believe this may be a duplicate of 7432.

eiben

2007-03-21 05:00

reporter   ~0014221

Well, I use a different $g_ldap_bind_dn ... this is my current config:

$g_ldap_server = 'ldap://server.domain.com/';
$g_ldap_port = '389'; #'636';
$g_ldap_root_dn = 'dc=domain,dc=com';
$g_ldap_organization = ''; # e.g. '(organizationname=*Traffic)'
$g_ldap_uid_field = 'sAMAccountName'; # Use 'sAMAccountName' for Active Directory
$g_ldap_protocol_version = 3;

$g_ldap_bind_dn = 'domain\mantiserviceuser';
$g_ldap_bind_passwd = 'mantisserviceuserpass';

As you can see, I've set up a special account to do the lookups for Mantis. This works for me, running on a Windows box as well as running on a Linux box. Both boxes are part of a Windows 2003 Active Directory structure.

tk

2008-07-23 06:12

reporter   ~0018646

I also have the same problem with a Win 2003 ADS server.

The issue has already been discussed on the PHP manual pages, e.g., http://de3.php.net/manual/de/function.ldap-search.php.

Here is the comment which helped me to continue:


cbrinker at contronicssolutions dot com
23-Jan-2007 11:18

I was completely lost trying to setup LDAP access with a Windows Server 2003 environment, but I finally got it to work. Here's a lifesaving tip:

-Script/web server cannot be located on the Active Directory server that you are querying

As well, here's the sample code I used:

<?php
//This code cannot be executed on the same server as AD is installed on!!!

//Connect
$ad = ldap_connect("ad server");

//Set some variables
ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ad, LDAP_OPT_REFERRALS, 0);

//Bind to the ldap directory
$bd = ldap_bind($ad,"user@domain.com","password")
    or die("Couldn't bind to AD!");

//Search the directory
$result = ldap_search($ad, "OU=orginizational unit,DC=domain,DC=com", "(CN=*)");

//Create result set
$entries = ldap_get_entries($ad, $result);

//Sort and print
echo "User count: " . $entries["count"] . "<br /><br /><b>Users:</b><br />";

for ($i=0; $i < $entries["count"]; $i++)
{
    echo $entries[$i]["displayname"][0]."<br />";
}

//never forget to unbind!
ldap_unbind($ad);

?>

In fact, I required both lines


ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ad, LDAP_OPT_REFERRALS, 0);

where the first one is readily available in mantis via the parameter

$g_ldap_protocol_version = 3;

ashu

2009-04-07 11:10

reporter   ~0021417

confirmed on Win2k3, Mantis 1.2.0a3
and noticed fix works

tk

2009-04-08 02:00

reporter   ~0021423

I was just wondering what the LDAP_OPT_REFERRALS flag means.
Only found the following information, which indeed does not give me much of a clue (http://publib.boulder.ibm.com/iseries/v5r2/ic2924/index.htm?info/apis/ldap_set_option.htm):


LDAP_OPT_REFERRALS

Specifies whether the LDAP library will automatically follow referrals returned by LDAP servers or not. It can be set to one of the constants LDAP_OPT_ON or LDAP_OPT_OFF. By default, the LDAP client will follow referrals.

vboctor

2009-07-05 20:43

manager   ~0022399

I wonder if there is something to fix here? It seems that the fix was to set the protocol version to 3. Did the referrals matter?

Is this just a documentation issue where we provide a set of settings to use for connecting to AD?

tk

2009-07-06 02:21

reporter   ~0022407

Last edited: 2009-07-06 02:22

In my case, protocol version 3 is not the whole story (cf. the ending lines of my note 0007620:0018646 ).
I explicitly have to set the LDAP_OPT_REFERRALS parameter.

This requires a change in the code.

vboctor

2009-10-12 04:06

manager   ~0023140

@tk LDAP_OPT_REFERRALS is configurable via $g_ldap_follow_referrals in 1.2.0rc2. It would be great if you can test 1.2.0rc2 and provide feedback.

tk

2009-10-19 04:37

reporter   ~0023233

Now it works in my environment.
(I've seen the comments in config_defaults_inc.php are also correct -- thank you!).
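
The settings this thread converges on (protocol version 3, referral following switched off, a dedicated service account for the lookup), as an added PHP example that is not MantisBT's code or any poster's. The function name and the array keys are assumptions; the login name is also escaped before it goes into the search filter, and the directory's own error text is surfaced when the bind or the search fails.

```php
<?php
// Added illustration, not MantisBT's core/ldap_api.php. The function name and
// array keys are hypothetical; only ldap_* and LDAP_* come from PHP itself.
function ad_find_user_dn(array $cfg, string $username): ?string
{
    $ds = ldap_connect($cfg['server']);
    if ($ds === false) {
        throw new RuntimeException('Invalid LDAP server URI');
    }
    try {
        // Set both options on the handle before binding.
        ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $cfg['protocol_version']);
        // 0 = hand referrals back to the caller instead of following them.
        ldap_set_option($ds, LDAP_OPT_REFERRALS, $cfg['follow_referrals'] ? 1 : 0);

        if (!@ldap_bind($ds, $cfg['bind_dn'], $cfg['bind_passwd'])) {
            throw new RuntimeException('Bind failed: ' . ldap_error($ds));
        }

        // Escape the login name so * ( ) \ and NUL cannot change the filter.
        $filter = '(' . $cfg['uid_field'] . '='
                . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';

        $result = @ldap_search($ds, $cfg['root_dn'], $filter, [$cfg['uid_field']]);
        if ($result === false) {
            // "Operations error" from the report would surface here.
            throw new RuntimeException('Search failed: ' . ldap_error($ds));
        }
        $entries = ldap_get_entries($ds, $result);
        // Exactly one match is required; zero or several are treated as "not found".
        return $entries['count'] === 1 ? $entries[0]['dn'] : null;
    } finally {
        ldap_unbind($ds);
    }
}

// Constructed sample configuration; host, DNs and credentials are placeholders.
$cfg = [
    'server'           => 'ldap://server.domain.com:389',
    'protocol_version' => 3,
    'follow_referrals' => false,
    'root_dn'          => 'dc=domain,dc=com',
    'uid_field'        => 'sAMAccountName',
    'bind_dn'          => 'domain\\mantisserviceuser',
    'bind_passwd'      => 'placeholder-password',
];

// Runs only when called from the command line with a login name argument.
if (PHP_SAPI === 'cli' && isset($argv[1])) {
    var_dump(ad_find_user_dn($cfg, $argv[1]));
}
```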