Something i don't understand : with or without boundconnection : connection is done by same user, no ?

Test connection is done by bind user, and you still use this connection. no ?

Else : in your system : why not use Simple bind ?

1. No, if you look at the original version of AuthLDAP's _createNewUser, when $ldapmode is set to 'searchandbind', the connection is bound to the binddn (admin) user or to the anonymous one (lines 244 and 247). In our case, there is a need for the search to be done by the entry itself, to get at its attributes.

2. We use 'searchandbind' instead of 'simplebind' since there entries stad within different search bases.

Hi

when $ldapmode is set to 'searchandbind', the connection is bound to the binddn (admin) user or to the anonymous one

Yes, i confirm

In our case, there is a need for the search to be done by the entry itself,

Ok, but i don't understand where LDAP->user was set in your current PR. Seems to be adlin (use same logic thath Auth part)

In my PR, if ldapreadonboundconn is set, I skip the ldap_close($ldapconn); at (original) line 558, just after the check for succesful bind, and pass the already bound to the user connection to $this->_createNewUser at (original) line 572; therefore, the search at (original) line 266 takes place on the connection bound to the correct user.