LDAP Search not searching whole tree

[sinistapenguin]

Hi All

 

I am a complete novice in terms of PHP/ LDAP so am probably way out of my depth.

 

We are using Joomla! as a CMS for our corporate Intranet. I was hoping to find an extension that would pull back a phone/ email directory from Active Directory (on W2K3). Having failed to find an extension, I started looking at writing something myself.

 

I have pinched a script I found on the internet and it works in a limited way.

 

I can connect/ bind etc. But I can only search within a specified OU.

 

Our AD is organised like this:

 

DOMAIN

----Office

--------Dept

------------Users

--------Dept

------------Users

--------Dept

------------Users

----Office

--------Dept

------------Users

--------Dept

------------Users

etc...

 

I would like my script to search all of the offices & depts for users matching certain criteria.

 

The script I pinched consists of a search page:

 

Code:

 

<form action="script.php" method="post">
    Search criteria:<br />
    <input type="text" name="keyword" size="20"
           maxlength="20" value="" /><br />
    Filter:<br />
    <select name="filter">
        <option value="">Choose One:</option>
        <option value="sn">Last Name</option>
        <option value="telephonenumber">Phone</option>
        <option value="l">City</option>
    </select><br />
    <input type="submit" value="Search!" />
  </form>

 

 

Which passes parameters to the script below (names have been changed to protect the innocent!):

 

Code:

 

<?php

// Designate a few variables
$host = "ldap://###.##.##.##";
$user = "ben.powell@jephson.org.uk";
$pswd = "myPassw0rd";

$ad = ldap_connect($host)
      or die( "Could not connect!" );

// Set version number
ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3)
     or die ("Could not set ldap protocol");

// Binding to ldap server
$bd = ldap_bind($ad, $user, $pswd)
      or die ("Could not bind");

// Create the DN
$dn = " OU=IT Customer Support, OU=Office Central, DC=domain, DC=local";

// Specify only those parameters we're interested in displaying
$attrs = array("displayName","userPrincipalName","physicalDeliveryOfficeName","givenName", "telephoneNumber");

// Create the filter from the search parameters
$filter = $_POST['filter']."=".$_POST['keyword']."*";

$search = ldap_search($ad, $dn, $filter, $attrs)
          or die ("ldap search failed");

$entries = ldap_get_entries($ad, $search);

if ($entries["count"] > 0) {
  echo "<table border='1' width='90%'>";
  echo "<tr>";
  echo "<td>Name:</td>";
  echo "<td>Office:</td>";
  echo "<td>Email:</td>";
  echo "<td>Telephone:</td>";
  echo "</tr>";
  
for ($i=0; $i<$entries["count"]; $i++) {
  echo "<tr>";
  echo "<td>".$entries[$i]["displayname"][0]."</td>";
  echo "<td>".$entries[$i]["physicaldeliveryofficename"][0]."</td>";
  echo "<td> <a href='mailto:".$entries[$i]["userprincipalname"][0]."'>".$entries[$i]["userprincipalname"][0]."</a></td>";
  echo "<td>".$entries[$i]["telephonenumber"][0]."</td>";
  echo "</tr>";
}
  echo "</table>";
} else {
   echo "<p>No results found!</p>";
}

ldap_unbind($ad);

?>

 

 

This works fine and I can find anyone within the "OU=IT Customer Support, OU=Office Central" department.

 

Unfortunately I can't figure out how to make it search the whole tree. According to the PHP site, it does this by default, but I can't figure out what I need to change. Is it the $dn= bit? I have tried everything I can think of here.

 

Any help would be gratefully received.

 

Thanks

 

Ben