I'm using PHP to connect to an Oracle OID LDAP - and I'm testing with different account types; in this case I know an account is expired (OID error 9000 - http://docs.oracle.com/cd/E15523_01/oid.1111/e10029/trblsht.htm#CHDJHCHC) but PHP is just returning me an error 49 (ldap_errno) which is just the generic invalid credentials error.
Is there another function or method to get more verbose messages from the server?
IIRC, OID error codes such as this aren't transmitted across the wire (though wireshark will be able to tell you). However, there is often a concept of an extended error.
You should be able to obtain the extended code (and string) using the ldap_get_option function in PHP, using the LDAP_OPT_ERROR_NUMBER and LDAP_OPT_ERROR_STRING options.
The above should be sufficient to give you the 'extended' diagnostic; but remember that this may be directory-implementation-specific.
I see that on http://www.php.net/manual/en/function.ldap-get-option.php there is a similar (though for AD) example, that makes use the (apparently undocumented) LDAP_OPT_DIAGNOSTIC_MESSAGE.
