From cfe5d1561cde73df7d9f8b5fa844a026d7f5a29d Mon Sep 17 00:00:00 2001
From: Uwe Steinmann <steinm@debian.org>
Date: Tue, 15 Apr 2014 15:32:43 +0200
Subject: [PATCH] set LDAP_OPT_REFERRALS in case of AD

---
 op/op.Login.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/op/op.Login.php b/op/op.Login.php
index cac84a6bd..edd1049e4 100644
--- a/op/op.Login.php
+++ b/op/op.Login.php
@@ -89,6 +89,10 @@ if (isset($settings->_ldapHost) && strlen($settings->_ldapHost)>0) {
 			if ($settings->_ldapType==1) {
 				$ldapSearchAttribut = "sAMAccountName=";
 				$tmpDN = $login.'@'.$settings->_ldapAccountDomainName;
+				// Add the following if authentication with an Active Dir doesn't work
+				// See https://sourceforge.net/p/seeddms/discussion/general/thread/19c70d8d/
+				// and http://stackoverflow.com/questions/6222641/how-to-php-ldap-search-to-get-user-ou-if-i-dont-know-the-ou-for-base-dn
+				ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
 			}
 		}