Description: ------------ To test if a dn exists, we split off the first part of the dn, and search the remaining part of the dn (as the base of the search) for an entry with that attribute matching the value we already have. e.g. I want to know if a dn uid=123,dc=example,dc=com exists. However, under example.com, I have a user called "cn=maxids,dc=example,dc=com" who has the attribute, uid=123 (as it's storing the text available uid). It's perfectly valid to have multiple entries having the same attribute, but only one entry can use that attribute as the first part of their dn. A search via dnExists for "uid=123,dc=example,dc=com" returns true, as it finds the entry "cn=maxids,dc=example,dc=com" with the attribute uid=123. Here where we do a ldap count of the results, we should instead be checking that the dn returned by the search, is the dn we are searching for http://pear.php.net/package/Net_LDAP2/docs/latest/__filesource/fsource_Net_LDAP2__Net_LDAP2-2.0.11NetLDAP2.php.html#a1273 LDAP2 ver 2.0.9-1 (Ubuntu) PHP 5.3.5-1ubuntu7.2 with Suhosin-Patch Test script: --------------- // $ldap == LDAP2 object from class var_dump($ldap->dnExists("uidNumber=10383,ou=Users,dc=plug,dc=org,dc=au")); echo $ldap->getEntry("uidNumber=10383,ou=Users,dc=plug,dc=org,dc=au")->getMessage(); Expected result: ---------------- bool(false) Could not fetch entry uidNumber=10383,ou=Users,dc=plug,dc=org,dc=au: no entry found: Actual result: -------------- bool(true) Could not fetch entry uidNumber=10383,ou=Users,dc=plug,dc=org,dc=au: no entry found:

Hello, what LDAP server du you use? I think that this is a special case, because uid is usually also a so-called "naming" attribute and so the LDAP server reports the found entry.

This bug has been fixed in SVN. If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET). If this was a problem with the pear.php.net website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better. Ok, i quickly reimplemented dnExists() to no use a base level search on the supplied DN. This should be faster and is more safe because it only can find the DN. Please check out the fix from SVN (change 318472) and verify if this solves your problem: http://svn.php.net/viewvc/pear/packages/Net_LDAP2/trunk/Net/LDAP2.php?r1=295178&r2=318472 (Patchfile: http://svn.php.net/viewvc/pear/packages/Net_LDAP2/trunk/Net/LDAP2.php?r1=295178&r2=318472&view=patch)

Confirmed fix in SVN works for my test case. Using OpenLDAP 2.4.25-1.1ubuntu4 Yes, this can be seen as a special case, the advantage is that now the code is even simpler! My solution while waiting for this fix was simple too, but due to it being unable to check the error codes for some reason, it wasn't ideal. $entry = $ldap->getEntry($dn, array('dn')); if (PEAR::isError($entry)) { // Can't get correct error (just returns 1000 in code) so assume any error is dn doesn't exist; return false; } return true; Thanks for fixing it even though it can be seen as a special case!