Hello Ntozier and Greezybacon, and thanks for replying!

The link provided by Ntozier was not helpful, and the search base was correct. I was still unable to authenticate. Shortly after I asked the question, I dug further and made a fast hack that solved my issue (I badly needed to put the LDAP auth in production, and did not care too much about the way I arrived at the goal). I leave here now a short memo on what I did, since maybe somebody else may find it useful.

Basically, there were three issues that I worked around, obviously not in a clean but still sufficient way: 1) the "defaults" array did not contain the right values of binddn, bindpw and that of the search base before the non-anonymous bind attempt; 2) my schema 2307 needed to be adjusted to our particular user LDAP entry layout; 3) LDAP2.php also needed to have an extra bind added.

These are the changes that I introduced:

--- authentication.php.orig 2017-01-13 17.000000002 +0100+++ authentication.php 2017-01-13 17.000000002 +0100@@ -50,17 +50,17 @@ // A general approach for RFC-2307 '2307' => array( 'user' => array(- 'filter' => '(objectClass=inetOrgPerson)',- 'first' => 'gn',+ 'filter' => '(objectClass=*)',+ 'first' => 'cn', 'last' => 'sn',- 'full' => array('displayName', 'gecos', 'cn'),+ 'full' => array('displayName'), 'email' => 'mail', 'phone' => 'telephoneNumber',- 'mobile' => 'mobileTelephoneNumber',+ 'mobile' => 'telephoneNumber', 'username' => 'uid', 'dn' => 'uid={username},{search_base}',- 'search' => '(&(objectClass=inetOrgPerson)(|(uid={q}*)(displayName={q}*)(cn={q}*)))',- 'lookup' => '(&(objectClass=inetOrgPerson)({attr}={q}))',+ 'search' => '(&(objectClass=*)(|(uid={q}*)(displayName={q}*)(cn={q}*)))',+ 'lookup' => '(&(objectClass=*)({attr}={q}))', ), ), );@@ -134,6 +134,7 @@ 'options' => array( 'LDAP_OPT_TIMELIMIT' => 5, 'LDAP_OPT_NETWORK_TIMEOUT' => 5,+ 'LDAP_OPT_PROTOCOL_VERSION' => 3, ) ); if ($this->getConfig()->get('tls'))@@ -149,6 +150,11 @@ putenv('LDAPTLS_REQCERT=never'); } +$defaults 
= $this->getConfig()->get('bind_dn');+$defaults = Crypto:($this->getConfig()->get('bind_pw'),+ SECRET_SALT, $this->getConfig()->getNamespace());+$defaults = $this->getConfig()->get('search_base');+ foreach ($this->getServers() as $s) { $params = $defaults + $s; $c = new Net_LDAP2($params);--- include/Net/LDAP2.php.orig 2017-01-13 17.000000002 +0100+++ include/Net/LDAP2.php 2017-01-13 17.000000002 +0100@@ -1077,6 +1077,10 @@ // or a definitive failure. while (true) { $link = $this->getLink();++ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, 3);+ldap_bind($link,$this->_config,$this->_config);+ $search = @[deleted]($search_function, $link, $base,

In the end, authentication worked.
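
Review bot: in the '2307' schema hunk of authentication.php (@@ -50,17), replacing `(objectClass=inetOrgPerson)` with `(objectClass=*)` in 'filter', 'search' and 'lookup' makes every entry under the search base a candidate user, including groups, service or machine entries that happen to carry a uid or cn. Narrow the filter to the object class your user entries actually have instead of a wildcard. The same hunk maps 'mobile' to `telephoneNumber`, the attribute already used for 'phone', so both fields will receive the same value.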
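
Review bot: in the @@ -149,6 hunk of authentication.php, the three added lines each assign to `$defaults` as a whole, so as shown the last one (search_base) overwrites the bind DN and the decrypted password, and `$params = $defaults + $s` no longer merges an array of defaults; `Crypto:(` is also missing its method name and the second colon. The post describes these as the binddn, bindpw and search base entries of the defaults array, so each line should set its own key. The context line just above sets `LDAPTLS_REQCERT=never`, so the bind password decrypted here travels over a TLS session whose server certificate is not verified; restore certificate checking before relying on this bind.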
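
Review bot: in the include/Net/LDAP2.php hunk (@@ -1077,6), the added `ldap_bind($link,$this->_config,$this->_config)` passes the same value as both DN and password, ignores the return value, and sits inside the `while (true)` loop, so a failed bind goes unnoticed and the search that follows runs on whatever bind state the link already has. Check the result and abort the search on failure, and perform the bind once where the link is set up rather than on every pass. The `ldap_set_option` call also repeats the 'LDAP_OPT_PROTOCOL_VERSION' => 3 option already added in authentication.php.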