Why does LDAP viewing of field depend upon user bound as?

[cchipman]

I've been playing with the LDAP bind function on Active Directory (Window 2K). However, it seems like the viewability (and searchability) of the accounts are dependent upon which type of account you bind with. For example, when I bind with an Administrator account, I all of the groups accounts a user account is a member of, while when I bind with a single user account, I can only see a few accounts membership.

How do I control this? I want to have a PHP script that allows users to see who's in which business area of the company (defined by membership in a group) without having to hardcode the password of the admin account into a file.

Any ideas?

 

[ericbrunson]

That is not a function of PHP, that is something you configure in your LDAP server.

 

[cchipman]

Indeed it was. Turns out the for some reason the default property viewing rights for a basic domain user were not set to be able to view the "memberOf" field. Now it is fixed.