Tags: php, ldap, ldap-query

LDAP search for all users with a specific manager


Can't seem to search the manager attribute in LDAP. I want to return all users with Jane Doe as their manager. Any pointers would be appreciated.

// $ldap is an already bound LDAP connection and $ldap_dn is the search base DN.
// Note the wildcard around the manager's name: manager is a DN-syntax attribute, so this match is what fails.
$filter = "(&(objectClass=user)(objectCategory=person)(manager=*Jane Doe*))";
$result = ldap_search($ldap, $ldap_dn, $filter) or exit("Unable to search LDAP server");
$entries = ldap_get_entries($ldap, $result);

Solution

  • More searching (with the help of an amazing friend of mine - thanks Scott Carter!) yielded the issue. The answer below was found here:

    The wildcard character "*" is allowed, except when the 'AD Attribute' is a DN attribute. Examples of DN attributes are distinguishedName, manager, directReports, member, and memberOf. If the attribute is DN, then only the equality operator is allowed and you must specify the full distinguished name for the value (or the "*" character for all objects with any value for the attribute). Do not enclose the DN value in parentheses (as is done erroneously in some documentation). If the attribute is multi-valued, then the condition is met if any of the values in the attribute match the filter.

    So, in order to search for all members that have a manager of Jane Doe, you must first have the full DN of Jane Doe.

    $filter="(&(objectClass=user)(objectCategory=person)(manager=CN=Jane Doe,OU=IT,OU=Users,OU=USA,OU=yourcompany,DC=corp,DC=yourcompany,DC=com))";
    

    Then you will get the results you are looking for...
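The answer leaves the first step (obtaining Jane Doe's DN) to the reader. Below is an added example, not code from the question or the answer above, that does the two-step lookup in PHP: resolve the manager's DN from a name, then search the manager attribute for that exact DN. It also runs every value that goes into a filter through ldap_escape(), since a name or DN taken from user input can otherwise inject filter syntax such as `*)(objectClass=*` and widen the search. The hostname, bind account, base DN and the LDAP_BIND_PW environment variable are placeholders, not values from the original page.

```php
<?php
// Added example: two-step "users managed by X" lookup against Active Directory.
// Connection details below are placeholders, not values from the original page.

// Resolve a person's DN from their common name. Returns null unless exactly one
// object matches, because two "Jane Doe" entries in different OUs are ambiguous.
function findUserDn($ldap, string $baseDn, string $displayName): ?string
{
    // Escape before interpolating: without this, "*" or ")(" in the name alters the filter.
    $safe   = ldap_escape($displayName, '', LDAP_ESCAPE_FILTER);
    $filter = "(&(objectClass=user)(objectCategory=person)(cn=$safe))";
    $result = ldap_search($ldap, $baseDn, $filter, ['distinguishedName']);
    if ($result === false) {
        return null;
    }
    $entries = ldap_get_entries($ldap, $result);
    if ($entries['count'] !== 1) {
        return null;
    }
    return $entries[0]['dn'];
}

// manager is a DN-syntax attribute: only equality against the full DN works, no
// wildcards. The DN is still filter-escaped so backslashes and parentheses inside
// it are treated as literal characters rather than filter syntax.
function findDirectReports($ldap, string $baseDn, string $managerDn): array
{
    $safeDn = ldap_escape($managerDn, '', LDAP_ESCAPE_FILTER);
    $filter = "(&(objectClass=user)(objectCategory=person)(manager=$safeDn))";
    $result = ldap_search($ldap, $baseDn, $filter, ['sAMAccountName', 'displayName']);
    if ($result === false) {
        return [];
    }
    $reports = [];
    $entries = ldap_get_entries($ldap, $result);   // attribute keys come back lowercased
    for ($i = 0; $i < $entries['count']; $i++) {
        $reports[] = [
            'dn'   => $entries[$i]['dn'],
            'user' => $entries[$i]['samaccountname'][0] ?? '',
            'name' => $entries[$i]['displayname'][0] ?? '',
        ];
    }
    return $reports;
}

// Placeholder connection settings (assumptions for this example).
$ldap = ldap_connect('ldaps://dc01.corp.yourcompany.com');
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);   // do not chase AD referrals with these credentials

// Refuse to bind with an empty password: AD treats that as an anonymous bind, which
// "succeeds" and silently returns nothing or the wrong data.
$bindPw = getenv('LDAP_BIND_PW') ?: '';
if ($bindPw === '') {
    exit("LDAP_BIND_PW is not set\n");
}
if (!@ldap_bind($ldap, 'svc_ldap@corp.yourcompany.com', $bindPw)) {
    exit('LDAP bind failed: ' . ldap_error($ldap) . "\n");
}

$baseDn    = 'DC=corp,DC=yourcompany,DC=com';
$managerDn = findUserDn($ldap, $baseDn, 'Jane Doe');
if ($managerDn === null) {
    exit("Could not resolve a unique DN for the manager\n");
}
foreach (findDirectReports($ldap, $baseDn, $managerDn) as $r) {
    echo "{$r['user']}\t{$r['name']}\t{$r['dn']}\n";
}
ldap_unbind($ldap);
```

Run it with `LDAP_BIND_PW=... php reports.php`. Because the filter matches the manager DN as a value rather than a substring, a renamed or moved manager object (new DN) will return no results until AD has updated the manager attribute on the reports, which it does automatically for linked attributes; if you get zero hits, compare the DN returned by findUserDn() with what the directory actually stores on one known report before assuming the filter is wrong.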