On certain systems and LDAP configurations you are required to use two-step login approach. It goes like this:
- Bind anonymously, by specifying only
$bind = @ldap_bind($connection);.
ldap_searchfor a given username. Search will return you a valid user's DN (or
NULL, if user does not exist).
- Using returned LDAP call another
ldap_bind, this time attempting to actually login user.
Thus, in this approach you are not constructing your own DN, but relying on returned one instead.