Posted by MoogPHP on 12/09/05 19:30

I have been using PHP's LDAP protocal to access Active Directory in my
company. Authentication, search, and attribute editing have been
working great for some time. Recently, I've been assigned to update our
online AD manager to include membership altering - the "memberof"
attribute.

The user I use for working with LDAP is an admin, so it has full
permissions.

Adding a user with with ldap_add() an array like this work fine:
---
$profile = array(
"givenname" => "Bob",
"sn" => "Smith"
);

ldap_add($connect, $dn, $profile);
---

But, when I try to add the "memberof" attribute, which supports
multiple entries, in a structure like this, it doesn't work.
---
$profile = array(
"givenname" => "Bob",
"sn" => "Smith",
"memberof" =>
array(0=>"CN=Managers,OU=Security,DC=www,DC=mycompany,DC=org",1=>"CN=Executives,OU=MailLists,DC=www,DC=mycompany,DC=org")
);

ldap_add($connect, $dn, $profile);
---

When I try this LDAP returns the following error:
Warning: ldap_add(): Add: DSA is unwilling to perform


I am good with PHP and comfortable with LDAP, but don't know enough to
really troubleshoot why this isn't working because I am following the
array format required as doc'ed by PHP.

Any thoughts or exmaples is greatly appreciated
Thanks,
~Brian
Columbus, OH

[Back to original message]