
How can I search for a user in LDAP while using anonymous binding?

I am trying to search for a user in LDAP while doing anonymous binding. First of all, is this possible?

Here is working code.

$ldaphost = "dc.mydomain.com";       // your ldap server
$ldapport = 389;                     // your ldap server's port number
$ldapuser = "username@mydomain.com";
$ldappass = "somepass";
$basedn = 'dc=mydomain,dc=com';

$searchfor = 'seconduser';

// Connecting to LDAP
$ldapconn = ldap_connect($ldaphost, $ldapport) or die("Could not connect to " . $ldaphost);

if ($ldapconn)
{
    ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);

    // binding to ldap server
    $ldapbind = ldap_bind($ldapconn,$ldapuser, $ldappass);

    // stop here if the server rejected the bind
    if (!$ldapbind) {
        die("Could not bind: " . ldap_error($ldapconn));
    }

    // escape the search value so it cannot change the structure of the filter
    $filter = '(&(samaccounttype=805306368)(samaccountname=' . ldap_escape($searchfor, '', LDAP_ESCAPE_FILTER) . '))';

    $result = ldap_search($ldapconn, $basedn, $filter, array('samaccountname'));

    $info = ldap_get_entries($ldapconn, $result);

    echo '<pre>';
    print_r($info);
    echo '</pre>';
}

The only thing with the above code is that I would have to provide a user for binding. I would like to do anonymous instead. To do that, I changed the following line of code from

$ldapbind = ldap_bind($ldapconn,$ldapuser, $ldappass);

to

$ldapbind = ldap_bind($ldapconn);

But this is giving me the following error in the ldap_search()

ldap_search(): Search: Operations error

How can I search for a user in LDAP with anonymous binding?

Your Active Directory administrators should have told you that anonymous access is disabled by default. Most likely they are not willing to change it. For an application, ask for a service account (stable password).
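
The service-account approach from the answer, as an added PHP example that is not part of the original question or answer: it binds with a dedicated account, refuses an empty password, and reports the server's diagnostic message when a step fails. The environment variable names LDAP_SVC_USER and LDAP_SVC_PASS, the helper names, and StartTLS support on port 389 are assumptions.

```php
<?php
// Added example, not code from the original post.
// Assumptions: LDAP_SVC_USER / LDAP_SVC_PASS are hypothetical environment
// variable names, and the domain controller accepts StartTLS on port 389.

function describe_ldap_error($conn): string
{
    // The server's diagnostic message carries the specific reason for a failure
    ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
    return sprintf('[%d] %s %s', ldap_errno($conn), ldap_error($conn), (string) $detail);
}

function find_user(string $uri, string $basedn, string $account): array
{
    $user = (string) getenv('LDAP_SVC_USER');
    $pass = (string) getenv('LDAP_SVC_PASS');
    // A simple bind with an empty password is an unauthenticated bind and can
    // report success without checking anything, so refuse it up front.
    if ($user === '' || $pass === '') {
        throw new RuntimeException('Service account credentials are not configured');
    }
    $conn = ldap_connect($uri);
    if ($conn === false) {
        throw new RuntimeException("Invalid LDAP URI: $uri");
    }
    try {
        ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
        ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
        // Encrypt the connection before the password is sent
        if (!@ldap_start_tls($conn)) {
            throw new RuntimeException('StartTLS failed: ' . describe_ldap_error($conn));
        }
        if (!@ldap_bind($conn, $user, $pass)) {
            throw new RuntimeException('Bind failed: ' . describe_ldap_error($conn));
        }
        // Escape the value so it cannot change the filter's structure
        $filter = '(&(samaccounttype=805306368)(samaccountname='
            . ldap_escape($account, '', LDAP_ESCAPE_FILTER) . '))';
        $result = @ldap_search($conn, $basedn, $filter, ['samaccountname']);
        if ($result === false) {
            throw new RuntimeException('Search failed: ' . describe_ldap_error($conn));
        }
        return ldap_get_entries($conn, $result);
    } finally {
        ldap_unbind($conn);
    }
}

print_r(find_user('ldap://dc.mydomain.com:389', 'dc=mydomain,dc=com', 'seconduser'));
```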
