dongzhang3482 2017-02-13 17:06

Exception in Zend_Ldap when searching for a CN

I am experiencing a weird issue with Zend_Ldap (Zend_Framework 1.12) and PHP 5.6.24 on Windows 2012 R2 when searching for a CN. Basically, I send an LDAP search for the DN:

CN=ABUsers,CN=Users,DC=escenterprise,DC=net

after successfully binding with a valid LDAP user. That is confirmed by this Wireshark trace:

WIRESHARK IMAGE

What I find odd in the trace is that I get a proper response to my search query, which includes the users in the CN I am targeting. However, instead of returning that search result, the PHP LDAP extension (php_ldap.dll, v5.6.24.0) attempts 3 extra binds using the ROOT user for the following CN:

  • CN=Configuration,DN=escenterprise,DN=net
  • CN=DomainDnsZones,DN=escenterprise,DN=net
  • CN=ForestDnsZones,DN=escenterprise,DN=net

Those binds appear to succeed; however the following extra searches for the 3 CN above all fail with the following error message:

0x1 (Operations error; 000004DC: LdapErr: DSID-0C090752, comment:
In order to perform this operation a successful bind must be completed on the
connection., data 0, v2580): searching:
(&(objectclass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=ABUsers,CN=Users,dc=escenterprise,dc=net))

I understand that the 3 CN are contained in the response to my first query. However, I am having some trouble understanding why the 3 extra searches occur in the first place, along with the 3 binds as ROOT.

The issue only happens in one test environment, which is configured the same way as my other test environments where everything works correctly, that is, Zend_Ldap does not return an exception performing the very same search and it does not search the 3 extra CN. If this may help, the test environment where the issue occurs sits in a data center outside of the network where the LDAP server is located and it is connected to it by means of a VPN. The other test environments are in the same building as the LDAP server.

Any idea on why it is happening in that particular environment? How can I avoid it?

Many thanks!


1 answer

  • dongru3726 2017-02-13 20:52

    I was experiencing this issue with a test environment that sits in one of my data centers. It turned out that my PHP settings were changing optReferrals to TRUE. This worked in the local environments but not for anything that sat outside of my network. After making sure the setting defaulted to FALSE, it worked correctly and I did not see any "ROOT" binds.

    Hope this helps.

    This answer was selected by the asker as the best answer.
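
One way to pin the setting the answer describes, as an added example that is not part of the original thread: it sets `optReferrals` to false in the Zend_Ldap options, checks on the live connection that referral chasing is off, and lists the references the server returned without following them. The host, bind account and `LDAP_BIND_PASSWORD` variable are placeholders; the base DN and filter are the ones quoted in the question.

```php
<?php
// Added example, not code from the thread. Host, bind account and the
// LDAP_BIND_PASSWORD variable are placeholders (assumptions).
require_once 'Zend/Ldap.php';

$baseDn = 'DC=escenterprise,DC=net';
$filter = '(&(objectclass=user)(memberOf:1.2.840.113556.1.4.1941:='
        . 'CN=ABUsers,CN=Users,dc=escenterprise,dc=net))';

$ldap = new Zend_Ldap(array(
    'host'           => 'dc01.example.invalid',             // placeholder
    'username'       => 'CN=svc-ldap,CN=Users,' . $baseDn,  // placeholder
    'password'       => getenv('LDAP_BIND_PASSWORD'),
    'bindRequiresDn' => true,
    'baseDn'         => $baseDn,
    'optReferrals'   => false, // explicit; do not rely on a default
));
$ldap->bind();

// Check the live connection, not just the options array.
$conn = $ldap->getResource();
ldap_get_option($conn, LDAP_OPT_REFERRALS, $chasing);
if ($chasing) {
    throw new RuntimeException('LDAP_OPT_REFERRALS is on; refusing to search');
}

// With chasing off, results come only from the server we bound to.
$users = $ldap->search($filter, $baseDn, Zend_Ldap::SEARCH_SCOPE_SUB, array('cn'));
foreach ($users as $entry) {
    echo $entry['dn'], PHP_EOL;
}

// List the references the server handed back, without following them.
if (function_exists('ldap_parse_reference')) {
    $result = ldap_search($conn, $baseDn, $filter, array('cn'));
    $ref = $result ? ldap_first_reference($conn, $result) : false;
    while ($ref) {
        $urls = array();
        ldap_parse_reference($conn, $ref, $urls);
        echo 'not followed: ', implode(', ', $urls), PHP_EOL;
        $ref = ldap_next_reference($conn, $ref);
    }
}
```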