According to these posts in the php.net manual it should be possible to supply multiple DNs for ldap_search().
However, I can’t get the below implementation to work:
$dn[] = 'ou=Red,ou=Teams,ou=Users,dc=example,dc=org';
$dn[] = 'ou=Green,ou=Teams,ou=Users,dc=example,dc=org';
$dn[] = 'ou=Blue,ou=Teams,ou=Users,dc=example,dc=org';
$query = ldap_search($conn, $dn, $filter, $attrs);
Everything is fine when passing through any of the individual DN strings, but supplying an array will error with message: ‘No such object’.
An obvious work around for this is to loop over my DN array to fire off separate queries and push everything in to one array. I’d like to avoid having to do that, since I’m bringing back 8000+ objects in one DN (Paginated – Example 2) and ~300 in each of the other two.
Is it actually possible to search multiple DNs?
Perhaps special syntax (symbol/character) within the single DN string?
Search requests must contain a minimum the following parameters:
baseis the base object itself,oneis the base object andone level below the base object,
subis the base object and all entries below the base object.filter
A list of attributes can also be supplied, though many, but not all, LDAP APIs will request all
user attributes if none are supplied in the search request.
In the case listed, set the base object to
ou=users,dc=example,dc=comand use an appropriatefilter. If the LDAP client must restrict the returned entries to entries that are subordinate
to
ou=red,ou=green, orou=blueit may be possible to use a compound extensible match filterlike
(&(objectClass=inetOrgPerson)(|(ou:dn:=red)(ou:dn:=green)(ou:dn:=blue)))– use the correct objectclass if the data does not use
inetOrgPerson. All LDAP-compliant servers support extensiblematch filters, but non-compliant servers may not support this standard filter.
It is not possible to use multiple base objects, the
scopeparameter defines how many subordinatelevels, if any, are examined below the base object.
see also