Hi,
Trying to get an ldapclient to authenticate against it, but having a difficult time trying to figure out what I'm doing wrong. Would appreciate any tip/help pointing me in the correct direction.
Company has a Microsoft Active Directory structure, like
domain.com
  region_a
    users
      john.doe
      marcus.zap
    servers
      ...
      ...
  region_b
    users
      magaly.frap
      roger.smith
      ...
    servers
      ...
      ...
Testing with ldapsearch, it works fine, returning the entry of john.doe, if I do a:
$ ldapsearch -v -h ldap_srv -p 389 -s sub -z 2 -l 15 -D auth_dn -w pass_dn \
    -b "DC=domain,DC=com" "(sAMAccountName=john.doe)" sAMAccountName
:: for info
$ ldapsearch -VV
ldapsearch: @(#) $OpenLDAP: ldapsearch 2.4.28 (Jul 4 2013 21:48:28) $ root@b1026.apple.com: /private/var/tmp/OpenLDAP/OpenLDAP-208.5~1/clients/tools (LDAP library: OpenLDAP 20428)
=========
But with a simple code (extract below), on the same machine as the ldapsearch above, I'm unable to make it work.
....
struct timeval timeOut = {15,0}; /* 15 second connection timeout */
char *attrs[] = {"sAMAccountName", NULL};

if ( (ld = ldap_init( "ldap_srv", 389 )) == NULL ) {
    return( 1 ); /* error */
}

/* Bind with credentials to the LDAP server. */
rc = ldap_simple_bind_s( ld, auth_dn, pass_dn );
if ( rc != LDAP_SUCCESS ) {
    return( 1 ); /* error */
}

/* Search for the entry. */
fprintf(stderr, "ldap_simple_bind_s(): Entering...\n");

rc = ldap_search_ext_s( ld, "DC=domain,DC=com", LDAP_SCOPE_SUBTREE,
                        "(sAMAccountName=john.doe)", NULL, 0, NULL, NULL,
                        &timeOut, 2, &result );

fprintf(stderr, "ldap_simple_bind_s(): after. rc=%d...\n", rc);
...
...
::::::
The ldap_init(), ldap_simple_bind_s(), both work correctly.
The call to: ldap_search_ext_s( ld, "DC=domain,DC=com", .... never comes back from the function call; I have waited for more than one hour. I never get the 2nd fprintf(...).
Another point, should the ldap_search_ext_s() not return with an error after the defined "timeOut" (in my case 15 seconds)?
But, if I change the 2nd parameter (base dn) from: "DC=domain,DC=com" to "OU=region_a,DC=domain,DC=com", it works fine, returning the entry for john.doe in a few seconds.
As I need to check users inside all of the "regions", I can't have the OU=region on the base search, because if I use it with OU=region_a,dc=domain,dc=com I'm not able to find the users from region_b, as expected :)
Any tips to help me figure out what I'm doing wrong?
Thanks
werner