PHP/LDAP: Bad Search Filter (OU with Ampersand) -

i have written ldap-authentication-class (working active directory) while ago , created new web-application department, uses authentication class.

basically user enters credentials, script binds ad , checks if user member of group. password authentication works every time, checking group memberships work, if user not in or below ou ampersand in it's name.

the problem seems be, department name contains ampersand , therefore organizational unit too. allthough have permissions in ad change name, other applications access ou name, therefore can not change (also don't know if there other ous ampersands in names, same problem might occur later).

funny thing: if use ldp.exe under windows can use exact same search filter without problems, guess problem correct transmission of symbol (my app uses utf-8 , ampersand-character displayed correctly when pulled ad , printed, don't think it's encoding problem)

the line use create filter is:

$filter = "(&(objectclass=group)(member:1.2.840.113556.1.4.1941:=".$userdn."))";

where userdn comes ldap_search to, verified user password.

i stumbled, because pull dn use group query active directory (and seems correctly escaped), cannot use in ldap_search.

i tried escaping/replacing &-symbol alternatives:

\&

&

%26

and lots of variants of those, eturn same "bad filter" error.

(php version 5.3.2-1ubuntu4.17)

can tell me doing wrong here?

i figured out (after several additional hours) - problem not ampersand after all, escaping issue - dn of user contained comma, escaped (so didn't think it).

actually had convert escaping-symbol () chr(0x5c). article ( krivokuca.net/2012/08/… ) had solution.

funny thing: had escaping function, converted "\" "\5c", 1 did not particular issue.

thank effort me :)