dkurtz
Posted October 7, 2009

I'm hoping someone can help clear a couple of things up for me. I ran into an issue last night with a hosted application that was written by someone before I started working here. Basically it's an AD-integrated website that is using an LDAP class to make the authentication calls. All of our problems started on Monday when an attempt to add a new domain controller failed; after this, things related to this application were running terribly slow. The thing most affected by this was the AD-integrated website (mostly just authentication, but other things were also affected).

After looking for hours, I read a post on a forum stating that the ldap_set_option() calls for a Windows 2003 domain should be set to:

ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

and that if this wasn't set to 0 I would get LDAP errors returned. This application was working fine before the failed promotion of a machine to a DC. After looking at the code for this application, I noticed that LDAP_OPT_REFERRALS was 1, not 0 as the forums I read stated it needed to be. After I changed this value to 0, everything started working fine and faster than ever. I guess my confusion began with the fact that everything was working fine with this option being set to 1 prior to the failed promotion of the DC, but after that it became terribly slow until I set this value to 1...

Today I'm working on building a new app and have a PHP class I wrote that also binds to LDAP for user authentication. I did not specify the LDAP_OPT_REFERRALS value and everything seems to be working fine. Just for giggles I ran ldap_get_option($conn, LDAP_OPT_REFERRALS, $val) and got a returned value of 1, so apparently what I read about Windows 2003 Server and this option having to be set to 0 in order to work wasn't true, because this application I've written works fine.

Bottom line, I'm trying to understand exactly what this option does and how it might or might not affect current applications I write in a Windows 2003 AD environment. I realize that some of this might be out of the scope of this particular forum, but I'm hoping someone can lend some insight to this question and problem.

Thanks so much,
Dave
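
An added example, not part of the original post: a PHP bind helper that sets both options from the post explicitly before binding and reads back the referral setting that is actually in effect, as the post does with ldap_get_option(). The function name ad_bind, the host, the account and the 5-second network timeout are assumptions.

```php
<?php
// Added example, not code from the original post.
// Host, DN and password below are placeholders.

/**
 * Open an LDAP connection with explicit options and bind as the given user.
 * Returns the connection on success, or false on any failure.
 */
function ad_bind(string $uri, string $userDn, string $password, bool $chaseReferrals = false)
{
    // An empty password turns a simple bind into an unauthenticated bind,
    // which many servers accept; never treat that as a successful login.
    if ($userDn === '' || $password === '') {
        return false;
    }

    $conn = ldap_connect($uri);
    if ($conn === false) {
        return false;
    }

    // Set options after ldap_connect() and before ldap_bind().
    $options = [
        LDAP_OPT_PROTOCOL_VERSION => 3,
        // 0: referrals are handed back to the caller and not followed.
        // 1: the client library follows them to other servers itself.
        LDAP_OPT_REFERRALS        => $chaseReferrals ? 1 : 0,
        // Seconds to wait on an unreachable server (assumed value).
        LDAP_OPT_NETWORK_TIMEOUT  => 5,
    ];
    foreach ($options as $opt => $value) {
        if (!ldap_set_option($conn, $opt, $value)) {
            error_log("ldap_set_option($opt) failed");
            return false;
        }
    }

    // Read the setting back instead of relying on the library default.
    ldap_get_option($conn, LDAP_OPT_REFERRALS, $effective);
    error_log('LDAP_OPT_REFERRALS in effect: ' . var_export($effective, true));

    if (!@ldap_bind($conn, $userDn, $password)) {
        error_log('bind failed: ' . ldap_error($conn));
        return false;
    }
    return $conn;
}

// Placeholder values for illustration only.
$conn = ad_bind('ldap://dc01.example.local', 'user@example.local', 'placeholder-password');
```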