#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2007
    Posts
    9
    Rep Power
    0

    LDAP addition of users in PHP from shell


    Hi, I'm currently very stuck on adding users to the domain over LDAP (Windows 2003 Active Directory Server with Exchange 2003).

    I have tried simple examples from the php.net site and can search and display information for users and users within groups but cannot add.

    Errors I keep getting are:

    ldap_mod_add(): Modify: No such object = when trying to update / add users to an existing group.DN

    ldap_add(): Add: Invalid DN syntax = when trying to add a user.

    ---------------------------------------------------
    Snippets of code:
    ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option(NULL, LDAP_OPT_REFERRALS,0);

    $server = "domain.forest.com";

    if($ds = ldap_connect($server))
    { print "LDAP connected to:".$server."\n"; }
    else { die("Could not connect to LDAP server."); }

    $uname = "CN=Administrator,CN=Users,DC=domain,DC=com";
    $pw = "******";

    if($ds)
    {
    if(ldap_bind($ds, $uname, $pw))
    {
    print "Successfully logged in as:".$uname."\n";

    // prepare data
    $adduserAD["cn"][0] = "Common Name";
    $adduserAD["instancetype"][0] = "4";
    $adduserAD["samaccountname"][0] = "AccountName" ;
    $adduserAD["objectclass"][0] = "top";
    $adduserAD["objectclass"][1] = "person";
    $adduserAD["objectclass"][2] = "organizationalPerson";
    $adduserAD["objectclass"][3] = "user";
    $adduserAD["displayname"][0] = "DisplayName";
    $adduserAD["name"][0] = "Name";
    $adduserAD["givenname"][0] = "GivenName";
    $adduserAD["sn"][0] = "SN";
    $adduserAD["company"][0] = "company";
    $adduserAD["department"][0] = "IT";
    $adduserAD["title"][0] = "Mr";
    $adduserAD["description"][0] = "Chris Testing Account";
    $adduserAD["mail"][0] = "testnew@domain.com";
    $adduserAD["initials"][0] = "IN";
    $adduserAD["userprincipalname"][0] = "USRPRINAME";
    $adduserAD["profilepath"][0] = "/profilepath";

    // add data to directory
    if(ldap_add($ds, "CN=NewUser,CN=Users,DC=domain,DC=com", $adduserAD))
    { print "Added User: ".$adduserAD['cn'][0]."\n"; }
    else { print "Failed to add user: ".$adduserAD['cn'][0]."\n"; }
    } // end if(ldap_bind(...))
    } // end if($ds)

    -----------------------------------------------

    Any help at all would be greatly appreciated.
  2. #2
  3. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2007
    Posts
    9
    Rep Power
    0
    Even if I try this code:

    $info["cn"]= array("John Jones");
    $info["sn"]=array("Jones");
    $info["mail"]=array("jonj@example.com");
    $info["objectclass"]=array("person");

    // add data to directory
    $r=ldap_add($ds, "cn=John Jones, o=My Company, c=US", $info);

    it fails.

    Now I'm using:

    $adduserAD["cn"][0] = "Chris Test from php";
    $adduserAD["instancetype"][0] = "4";
    $adduserAD["samaccountname"][0] = "test_new_acc1";
    $adduserAD["objectclass"][0] = "top";
    $adduserAD["objectclass"][1] = "person";
    $adduserAD["objectclass"][2] = "organizationalPerson";
    $adduserAD["objectclass"][3] = "user";
    $adduserAD["displayname"][0] = "New User Test Account";
    $adduserAD["name"][0] = "New User";
    $adduserAD["givenname"][0] = "Given Name";
    $adduserAD["sn"][0] = "Surname";
    $adduserAD["company"][0] = "picochip";
    $adduserAD["department"][0] = "IT";
    $adduserAD["title"][0] = "Mr";
    $adduserAD["description"][0] = "Chriss Test Account";
    $adduserAD["mail"][0] = "test_new_acc1@picochip3.com";
    $adduserAD["initials"][0] = "NU";
    $adduserAD["samaccountname"][0] = "test_new_acc1";
    $adduserAD["userprincipalname"][0] = "Priciple Name";
    $adduserAD["profilepath"][0] = "/profile";
    $adduserAD["manager"][0] = "CN=Chris Jones,CN=Users,DC=picochip3,DC=com";
    $adduserAD["userAccountControl"] = "544";

    if(ldap_add($ds, "CN=New User,OU=OU Users,DC=picochip3,DC=com", $adduserAD))
    { print "Added User: ".$adduserAD['cn'][0]."\n"; }
    else { print "Failed to add user: ".$adduserAD['cn'][0]."\n"; }


    and it fails with:
    PHP Warning: ldap_add(): Add: No such object in /home/chrisj/php/test_ldap.php on line 47
  4. #3
  5. Psycho Canadian
    Devshed Demi-God (4500 - 4999 posts)

    Join Date
    Jan 2001
    Location
    Canada
    Posts
    4,846
    Rep Power
    635
    First, "CN=New User,OU=OU Users,DC=picochip3,DC=com" needs to be changed:
    your DN MUST match up to your CN in the array:
    "CN=Chris Test from php,OU=OU Users,DC=picochip3,DC=com"

    Unless there are multiple attributes, DO NOT use a multidimensional array.

    $adduserAD['cn'][0] should just be $adduserAD['cn'], because I believe if you put the [0] then it tries to add as multiple attributes and MAY cause problems.

    No such object normally refers to objectclass, so maybe one of them should NOT be there
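
The advice above about the DN matching the cn attribute, as an added example that is not part of the original thread: it derives the DN and the attribute array from the same values and escapes DN metacharacters with ldap_escape(), so a name containing a comma cannot change the DN's structure. The container DN, the names and the sAMAccountName pattern are assumptions made for the illustration.

```php
<?php
// Added example, not code from the thread. Needs the PHP ldap extension
// (ldap_escape) but no directory server. All names and DNs are constructed.

/**
 * Build the DN and the attribute array for ldap_add() from the same values,
 * so the RDN always equals the cn attribute and DN metacharacters are escaped.
 * $parentDn is a placeholder container that must already exist in the directory.
 */
function build_user_entry(string $givenName, string $sn, string $sam, string $parentDn): array
{
    $cn = trim($givenName . ' ' . $sn);
    // Assumed policy for this example: short, plain sAMAccountName.
    if ($cn === '' || !preg_match('/^[A-Za-z0-9._-]{1,20}$/', $sam)) {
        throw new InvalidArgumentException('invalid name or sAMAccountName');
    }
    $attrs = [
        'objectClass'    => ['top', 'person', 'organizationalPerson', 'user'], // multi-valued
        'cn'             => $cn,   // single-valued: a plain string is enough
        'sAMAccountName' => $sam,
        'givenName'      => $givenName,
        'sn'             => $sn,
    ];
    // Drop empty strings: an attribute with an empty value makes the add fail.
    $attrs = array_filter($attrs, fn($v) => $v !== '');
    $dn = 'CN=' . ldap_escape($cn, '', LDAP_ESCAPE_DN) . ',' . $parentDn;
    return [$dn, $attrs];
}

// Constructed input: the surname contains a comma, which is a DN separator.
[$dn, $attrs] = build_user_entry('Chris', 'Jones, Jr.', 'cjones2', 'CN=Users,DC=example,DC=com');
echo $dn, "\n";          // RDN value is escaped; the cn attribute keeps the raw text
echo $attrs['cn'], "\n";
// With a bound connection $ds: ldap_add($ds, $dn, $attrs);
```
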
  6. #4
  7. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2007
    Posts
    9
    Rep Power
    0
    Thanks very much for shedding some light.

    Can I ask if you know how to define that I'm adding a person and not a group? Are there any other attributes that can be used instead of "objectclass" in the above code?
  8. #5
  9. Psycho Canadian
    Devshed Demi-God (4500 - 4999 posts)

    Join Date
    Jan 2001
    Location
    Canada
    Posts
    4,846
    Rep Power
    635
    objectClass is required. Each objectClass requires other attributes; you can search Google and it should give you the required attributes for each objectClass.
  10. #6
  11. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2007
    Posts
    9
    Rep Power
    0
    For Windows what would the DN be?

    I have tried:
    ldap_add($ds, "cn=".$adduserAD['cn'].",CN=Users,DC=domian,DC=com",$adduserAD)
    and
    ldap_add($ds, "cn=".$adduserAD['cn'].",O=company_name,C=GB",$adduserAD)

    All I get is "operations error".

    I have a Win 2003 Server with Exchange installed and am trying to add new users using PHP and then later on to add in new users with population of the Exchange mailbox.

    Again, any help would be greatly received / appreciated.

    Thanks
  12. #7
  13. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2007
    Posts
    9
    Rep Power
    0
    OK, finally cracked it. Very odd: I installed some LDAP sync application from the web: "PaperCut NG". I've not actually used or configured it, just installed it, so I assume it's somehow enabled LDAP v3 for Windows 2003.

    Now I have a problem though.

    I can add a new user, group and modify group, but when I try and add a user with Exchange attributes it fails with "Constraint violation". Need to add a user and create a mailbox.

    Here's the code:
    ------------------------------------------------------
    $adduserAD["instancetype"] = "4";
    $adduserAD["samaccountname"] = "test_new_acc1";
    $adduserAD["objectClass"][0] = "top";
    $adduserAD["objectClass"][1] = "person";
    $adduserAD["objectClass"][2] = "organizationalPerson";
    $adduserAD["objectClass"][3] = "user";
    $adduserAD["displayname"][0] = "New User Test Account";
    $adduserAD["givenname"] = "Firstname";
    $adduserAD["sn"] = "Surname";
    $adduserAD["company"] = "picochip";
    $adduserAD["department"] = "IT";
    $adduserAD["title"] = "Mr";
    $adduserAD["description"] = "Chriss Test Account";
    $adduserAD["cn"] = $adduserAD['givenname']." ".$adduserAD['sn'];
    $adduserAD["name"] = $adduserAD['givenname']." ".$adduserAD['sn'];
    $adduserAD["initials"] = "NU";
    $adduserAD["userprincipalname"] = $adduserAD['samaccountname']."@picochip3.com";
    $adduserAD["profilepath"] = "/profile";
    $adduserAD["manager"] = "CN=Chris Jones,CN=Users,DC=picochip3,DC=com";
    $adduserAD["userAccountControl"] = "66048";
    $adduserAD["objectCategory"] = "CN=Person,CN=Schema,CN=Configuration,DC=picochip3,DC=com";
    $adduserAD["distinguishedName"] = "CN=Chris Testing123,CN=Users,DC=picochip3,DC=com";

    $adduserAD["msExchHomeServerName"] = "/o=picoChip/ou=First Administrative Group/cn=Configuration/cn=Servers/cn=HART";
    $adduserAD["mDBUseDefaults"] = "TRUE";
    $adduserAD["homeMTA"] = "CN=Microsoft MTA,CN=HART,CN=Servers,CN=Administrative Group,CN=Administrative Groups,CN=picoChip,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=picochip3,DC=com";
    $adduserAD["homeMDB"] = "CN=Mailbox Store (HART),CN=picoChip Mailbox,CN=InformationStore,CN=HART,CN=Servers,CN=Administrative Group,CN=Administrative Groups,CN=picoChip,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=picochip3,DC=com";
    $adduserAD["legacyExchangeDN"] = "/o=picoChip/ou=First Administrative Group/cn=Recipients/cn=".$adduserAD['samaccountname'];
    $adduserAD["mail"] = $adduserAD['samaccountname']."@picochip3.com";
    $adduserAD["targetAddress"] = $adduserAD['samaccountname']."@picochip3.com";
    $adduserAD["mailnickname"] = $adduserAD['samaccountname'];
    $adduserAD["showInAddressBook"] = "CN=Default Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=picoChip,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=picochip3,DC=com;CN=All Users,CN=All Address Lists,CN=Address Lists Container,CN=picoChip,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=picochip3,DC=com";

    if(ldap_add($ds, "CN=".$adduserAD['cn'].",CN=Users,DC=picochip3,DC=com", $adduserAD))
    {
    print "Added User: ".$adduserAD['cn']."\n";
    }
    ------------------------------------------------------

    Any help on what I've done wrong / need to change in the config on the Exchange / Windows 2003 server would be much appreciated.
  14. #8
  15. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2002
    Location
    The Birth Place of Aviation
    Posts
    297
    Rep Power
    12
    Try doing it in two parts. Add the user first. Then in the next cycle build the mailbox.

    Port
    "We know that all things work together for good for those who love God, who are called according to his purpose." Romans 8:28
  16. #9
  17. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2007
    Posts
    9
    Rep Power
    0
    Cracked it and got it working, set up another server and now for some reason cannot add users again.

    Can connect, search, display etc.
    When trying to add a user I simply get: Server unwilling to perform.

    Anyone got any ideas? Do you have to change / enable something / permissions before the Administrator can add users over LDAP?

    Thanks in advance
  18. #10
  19. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2009
    Posts
    1
    Rep Power
    0

    LDAP modify of users in PHP from shell


    I'm trying to change the password of an Active Directory user through LDAP with PHP.

    But the following error appears: Warning: ldap_mod_replace() [function.ldap-mod-replace]: Modify: No such object in /home/httpd/htdocs/qa/cont_usuarios/teste.php on line 32
    There was a problem!

    See the code below:
    $int = "@maildom.intra";
    $host = "192.168.1.50";
    $user = "claudio".$int;
    $pswd = "MinhaSenha";

    $ad = ldap_connect($host) or die( "Could not connect!" );
    ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3) or die ("Could not set ldap protocol");
    $bd = ldap_bind($ad, $user, $pswd) or die ("Could not bind");

    $dn = "DC=maildom,DC=intra";
    $attrs = array("description","cn","displayname","samaccountname","mail","givenname");

    $filter = "samaccountname=claudio";
    $search = ldap_search($ad, $dn, $filter, $attrs) or die ("ldap search failed");
    $entries = ldap_get_entries($ad, $search);

    print "Nome...: ".$entries[0]["displayname"][0];
    print "Login..: ".$entries[0]["samaccountname"][0];
    print "CN.....: ".$entries[0]["cn"][0];
    print "Desc...: ".$entries[0]["description"][0];
    print "E-mail.: ".$entries[0]["mail"][0];
    $newPassword = "12345";
    $newPassword = "\"" . $newPassword . "\"";
    $userDn = "cn=".$entries[0]["cn"][0].",OU=Users,DC=maildom,DC=intra";
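    $len = strlen($newPassword);
    $newPassw = ""; // initialise before appending
    // append a NUL byte after each character (UTF-16LE for ASCII input)
    for ($i = 0; $i < $len; $i++) {
    $newPassw .= $newPassword[$i]."\000";
    }
    $newPassword = $newPassw;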
    $userdata["unicodepwd"] = $newPassword;
    $result = ldap_mod_replace($ad,$userDn,$userdata);
    if ($result) echo "User modified!" ;
    else echo "There was a problem!";

    Result:

    Nome...: Claudio
    Login..: claudio
    CN.....: Claudio J. B. Ninin
    Desc...: INFORMATICA
    E-mail..: Meu email

    Warning: ldap_mod_replace() [function.ldap-mod-replace]: Modify: No such object in /home/httpd/htdocs/qa/cont_usuarios/teste.php on line 32
    There was a problem!

    Can you help me please?
  20. #11
  21. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2007
    Posts
    9
    Rep Power
    0
    Unfortunately the only way I got to reset the password was very complicated.

    First, I created a VBS script that runs on the W2k3 server, which I took and adapted from MSDN.

    Then I built server / client socket scripts which then ran the VBS script locally. It was quite a pain, but I read somewhere that the encryption used for the users' passwords cannot work or be reset via LDAP. I'm not entirely sure, but I managed to get it all working in the end. In fact I may have the scripts somewhere.
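
For the password change attempted in post #10, an added example that is not part of the original thread: Active Directory accepts a replace of unicodePwd only over an encrypted connection such as ldaps://, with the value being the double-quoted password encoded as UTF-16LE, and the DN should be taken from the search result rather than assembled by hand. The host, base DN, bind account and password below are placeholders, and the mbstring extension is assumed.

```php
<?php
// Added example, not code from the thread. Needs the ldap and mbstring
// extensions. Host, DNs, account names and the password are placeholders.

/** unicodePwd value: the password in double quotes, encoded as UTF-16LE. */
function encode_unicode_pwd(string $plain): string
{
    return mb_convert_encoding('"' . $plain . '"', 'UTF-16LE', 'UTF-8');
}

/**
 * Find the account by sAMAccountName and replace its password.
 * Assumes $ds is already bound over ldaps:// with rights to reset passwords.
 */
function reset_password($ds, string $baseDn, string $sam, string $plain): bool
{
    // Escape the login name so it cannot alter the search filter.
    $filter = '(sAMAccountName=' . ldap_escape($sam, '', LDAP_ESCAPE_FILTER) . ')';
    $search = ldap_search($ds, $baseDn, $filter, ['cn']);
    if ($search === false) {
        return false;
    }
    $entries = ldap_get_entries($ds, $search);
    if ($entries === false || $entries['count'] !== 1) {
        return false; // no match, or more than one match
    }
    $dn = $entries[0]['dn']; // the DN as stored in the directory, not a guess
    return ldap_mod_replace($ds, $dn, ['unicodePwd' => encode_unicode_pwd($plain)]);
}

// Offline check of the encoding with a constructed password.
echo bin2hex(encode_unicode_pwd('Ex4mple!')), "\n";

// Against a directory (placeholders; needs a domain controller with LDAPS):
// $ds = ldap_connect('ldaps://dc.example.com');
// ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
// ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
// ldap_bind($ds, 'admin@example.com', getenv('LDAP_BIND_PW'));
// var_dump(reset_password($ds, 'DC=example,DC=com', 'claudio', 'Ex4mple!'));
```
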
  22. #12
  23. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2010
    Posts
    1
    Rep Power
    0
    Hi all, regarding PaperCut NG, does anyone know how to change the browser page title?

    For example, the original is "PaperCut NG : Summary - Mozilla Firefox"
    and I would like to change it into, let's say, "MyCompany : Summary - Mozilla Firefox"


    Any thoughts?

    Thank you.
