I am experiencing a weird issue with Zend_Ldap (Zend_Framework 1.12) and PHP 5.6.24 on Windows 2012 R2 when searching for a CN. Basically, I send an LDAP search for the DN:
CN=ABUsers,CN=Users,DC=escenterprise,DC=net
after successfully binding with a valid LDAP user. That is confirmed by this Wireshark trace:
What I find odd in the trace is that I get a proper response to my search query, which includes the users in the CN I am targeting. However, instead of returning that search result, the PHP LDAP extension (php_ldap.dll, v5.6.24.0) attempts 3 extra binds using the ROOT user for the following CNs:
- CN=Configuration,DN=escenterprise,DN=net
- CN=DomainDnsZones,DN=escenterprise,DN=net
- CN=ForestDnsZones,DN=escenterprise,DN=net
Those binds appear to succeed; however, the subsequent extra searches for the 3 CNs above all fail with the following error message:
0x1 (Operations error; 000004DC: LdapErr: DSID-0C090752, comment:
In order to perform this operation a successful bind must be completed on the
connection., data 0, v2580): searching:
(&(objectclass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=ABUsers,CN=Users,dc=escenterprise,dc=net))
I understand that the 3 CNs are contained in the response to my first query. However, I am having some trouble understanding why the 3 extra searches occur in the first place, along with the 3 binds as ROOT.
The issue only happens in one test environment, which is configured the same way as my other test environments, where everything works correctly; that is, Zend_Ldap does not return an exception when performing the very same search, and it does not search the 3 extra CNs. In case this helps, the test environment where the issue occurs sits in a data center outside of the network where the LDAP server is located, and it is connected to it by means of a VPN. The other test environments are in the same building as the LDAP server.
Any idea why it is happening in that particular environment? How can I avoid it?
Many thanks!