Here
you can see how AD requires to escape individual components of a distinguished name (a backslash in front of the character to be escaped).
The ldap_escape function, however, adopts a different escaping technique (I think according to RFC4514) so for example:
Sales\Engineering would be:
Sales\\Engineering according to 1
and:
Sales\5cEngineering if you use ldap_escape
I know that \5c is just the \xx hex sequence for \, but can this create problems?
I am having troubles using ldap_bind with domain\user DNs in Active Directory that's why I am wondering if there are compatibility issues.
Thanks
My Answer:
Yes, there can be compatibility issues when using PHP's ldap_escape function with Microsoft Active Directory due to the different escaping techniques used. Active Directory requires a specific escaping technique where individual components of a distinguished name need to be escaped with a backslash in front of the character to be escaped.
If you are having troubles using ldap_bind with domain\user DNs in Active Directory, it is possible that the way the DNs are being escaped by ldap_escape is causing issues. In this case, you may need to manually escape the DNs using the technique required by Active Directory before using them in your LDAP operations.
It is recommended to follow the escaping guidelines provided by Microsoft for Active Directory to ensure compatibility and avoid any issues with LDAP operations.
Rate this post
3 of 5 based on 9889 votesComments