2

I searched every day for my problem, I tried many solutions and I didn't find anything... :(

I want to create a user using ldap_add with PHP. It works fine without enabling the account and without a password. You'll find the code below.

Can you help me, please?

Config: PHP 5.6, Windows Server 2012 R2 with AD

I can enable an account when I use $info["useraccountcontrol"]=544; but the account doesn't have a password... The user must log on without a password and type his new password at the first connection.

I tried to add a password with $info['userPassword'] and change useraccountcontrol to 512, and I get this error:

ldap_add(): Add: Server is unwilling to perform

Here is my code :

<?php
$name = htmlspecialchars($_POST["name_build"]);
$lastname = htmlspecialchars($_POST["lastname_build"]);
$department = utf8_encode(htmlspecialchars($_POST["department_build"]));
$title = utf8_encode(htmlspecialchars($_POST["title_build"]));
$dn="CN=$name OU=Users, o=Domocom, c=net";

$ds = ldap_connect("192.168.1.1",389);  
if ($ds) {

    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); // IMPORTANT
    ldap_bind($ds, "[email protected]", "password");

    // Prepare the data
    $cn = $info["cn"] = "$lastname $name";
    $info["sn"]="$name";
    $info["givenname"]="$lastname";
    $info["displayname"]="$lastname $name";
    $info["name"]="$lastname $name";
    $info["userprincipalname"]= "[email protected]";
    $info["samaccountname"]= "$lastname.$name";
    $info["title"]="$title";
    $info["department"]="$department";
    $info["mail"]="[email protected]";
    $info["postalcode"]="69009";
    $info["objectClass"][0]="user";
    //$info['userPassword'] = "password";
    //$info["useraccountcontrol"]=544;

    $r = ldap_add($ds,"CN=$cn,OU=Users,OU=Direction,OU=Domocom-SP,DC=domocom,DC=net", $info);
    ldap_close($ds);
} else {
    echo "unable to connect to ldap server";
}
?>

Thanks a lot.

PS: it's a fake society for my school. :p

1 Answer

1

If it's an AD you might need to use a secure LDAP-Connection.

For that you'll need to call ldap_connect('ldaps://192.168.1.1:<port of the AD>');. Calling ldap_connect with two parameters is deprecated and should be avoided. Use it with an LDAP-URI!

You can also omit the if…else around the ldap_connect as it will return true in almost all cases. And a true return value does not mean that a connection to the server was actually established. A connection is first established on the first ldap_-command that needs a connection, which is typically ldap_bind.

And then you might want to have a look at Change AD password using PHP, Issue updating AD password using PHP and Change AD Password using PHP/COM/ADSI/LDAP.
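
One way to do what the answer points to, as an added example that is not the asker's or the answerer's code: by default AD takes the initial password in the unicodePwd attribute, sent over an ldaps:// connection, rather than in userPassword. The function names, the example.test base DN and the sample values are assumptions constructed for illustration.

```php
<?php
// Added example: hypothetical helper names, constructed sample values.

// AD takes a new password in unicodePwd: the password wrapped in double
// quotes and encoded as UTF-16LE, accepted only on an encrypted connection.
function adEncodePassword($plain)
{
    return iconv('UTF-8', 'UTF-16LE', '"' . $plain . '"');
}

// Escape the CN so form input cannot inject DN syntax (PHP >= 5.6).
function adUserDn($cn, $baseDn)
{
    return 'CN=' . ldap_escape($cn, '', LDAP_ESCAPE_DN) . ',' . $baseDn;
}

function adNewUserEntry($givenName, $surname, $password)
{
    return array(
        'cn'                 => "$givenName $surname",
        'givenName'          => $givenName,
        'sn'                 => $surname,
        'sAMAccountName'     => "$givenName.$surname",
        'objectClass'        => array('top', 'person', 'organizationalPerson', 'user'),
        'unicodePwd'         => adEncodePassword($password),
        'userAccountControl' => '512', // NORMAL_ACCOUNT, enabled
    );
}

function adCreateUser($uri, $bindDn, $bindPw, $baseDn, array $entry)
{
    $ds = ldap_connect($uri); // pass an ldaps:// URI
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    if (!@ldap_bind($ds, $bindDn, $bindPw)) {
        throw new RuntimeException('bind failed: ' . ldap_error($ds));
    }
    $ok  = @ldap_add($ds, adUserDn($entry['cn'], $baseDn), $entry);
    $err = ldap_error($ds);
    ldap_close($ds);
    if (!$ok) {
        throw new RuntimeException('add failed: ' . $err);
    }
}

// Offline check: build (not send) an entry from constructed input.
$entry = adNewUserEntry('Jean', 'Dupont', 'Constructed-Passw0rd!');
echo adUserDn('Dupont, Jean', 'OU=Users,DC=example,DC=test'), "\n";
echo bin2hex($entry['unicodePwd']), "\n";
```

The password still has to satisfy the domain password policy, otherwise AD rejects the add even over LDAPS.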
