Add LDAP entry to Active Directory via ext/ldap#1
Using ext/ldap I'm trying to add entries to an Active Directory. As long as I only use one single structural objectClass everything works as expected, but as soon as I try to add an entry with a second auxiliary objectClass, the server reports an error:


Server is unwilling to perform; 00002040: SvcErr: DSID-030F0AA0, problem 5003 (WILL_NOT_PERFORM), data 0


The following code works:

ldap_add($ldap, 'OU=Test,OU=Test,DC=domain,DC=example,DC=local', array(
    'ou' => 'Test',
    'objectClass' => 'organizationalUnit',
    'l' => 'location'
));


This doesn't:

ldap_add($ldap, 'OU=Test,OU=Test,DC=domain,DC=example,DC=local', array(
    'ou' => 'Test',
    'associatedDomain' => 'domain',
    'objectClass' => array('organizationalUnit', 'domainRelatedObject'),
    'l' => 'location'
));


The same happens if I try to add an auxiliary objectClass to an existing entry:

ldap_mod_add($ldap, 'OU=Test,OU=Test,DC=domain,DC=example,DC=local', array(
    'associatedDomain' => 'domain',
    'objectClass' => 'domainRelatedObject'
));


The corresponding error message is essentially the same:


Server is unwilling to perform; 00002040: SvcErr: DSID-030508F8, problem 5003 (WILL_NOT_PERFORM), data 0


As all other updating and adding operations work, I think the problem must be related to the objectClass attribute.

As I've not enough experience with Active Directories (I'm used to OpenLDAP):
Are there any known issues with objectClasses in Active Directory? Am I missing something here? Are there any restrictions that disallow adding e.g. domainRelatedObject to an organizationalUnit? What the heck's going on here ;-)?

Just in case you're wondering: the domainRelatedObject is present in the Active Directory schema.

posted date: 2008-12-15 08:05:00


Re: Add LDAP entry to Active Directory via ext/ldap#2
I had made out the solution of this problem. click to view my topic...

Hope that helps.

posted date: 2008-12-15 08:05:01


Re: Add LDAP entry to Active Directory via ext/ldap#3
You may not have permission to set the objectClass attribute. See whether you can attach the auxiliary class after creation, through ADSI Edit. If you can't, fix the permissions first (check the Properties tab in the Advanced view of Security settings). I could attach this specific class right now, onto an organizationalUnit object, as a domain admin; so in principle, this is possible.

posted date: 2008-12-15 09:47:00


Re: Add LDAP entry to Active Directory via ext/ldap#4
[...] <53> Server error: 00002040: SvcErr: DSID-030F0AA0, problem 5003 (WILL_NOT_PERFORM), data 0" This is the same even if I'm authenticated as a Domain Admin.

posted date: 2008-12-15 12:57:00


Re: Add LDAP entry to Active Directory via ext/ldap#5
Hmm. What's the server? I was using W2k3SP2, and it worked fine.

posted date: 2008-12-15 13:33:00


Re: Add LDAP entry to Active Directory via ext/ldap#6
I just found that, in order to add dynamic (per-instance) aux classes, the forest functional level of the domain must be 2003.

posted date: 2008-12-15 13:41:00


Re: Add LDAP entry to Active Directory via ext/ldap#7
Hi Martin! Thanks a lot - that was the problem... I don't dare to think about the time I wasted on this one on the PHP side ;-)

posted date: 2008-12-15 23:59:00
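
The cause identified in the thread above, turned into a pre-flight check (an added example, not part of any post): it reads `forestFunctionality` from the rootDSE before attaching an auxiliary class, and on failure reports the server's extended diagnostic text. The function names are hypothetical, the rootDSE arrays at the end are constructed samples, and the level numbering (2 = Windows Server 2003) is taken from Microsoft's documented rootDSE values, not from the thread.

```php
<?php
// Added example; function names are hypothetical, sample data is constructed.

// rootDSE forestFunctionality: 0 = Windows 2000, 1 = 2003 interim, 2 = Windows Server 2003.
const FOREST_LEVEL_2003 = 2;

/** Decide from rootDSE attributes whether per-instance auxiliary classes are allowed. */
function supportsDynamicAuxClasses(array $rootDse): bool
{
    // ldap_get_entries() lower-cases attribute names; a missing attribute counts as "too old".
    $level = $rootDse['forestfunctionality'][0] ?? null;
    return $level !== null && (int) $level >= FOREST_LEVEL_2003;
}

/** Read the rootDSE (empty base DN, base scope) from a connected, bound handle. */
function readRootDse($ldap): array
{
    $res = ldap_read($ldap, '', '(objectClass=*)', ['forestFunctionality', 'domainFunctionality']);
    if ($res === false) {
        throw new RuntimeException('rootDSE read failed: ' . ldap_error($ldap));
    }
    $entries = ldap_get_entries($ldap, $res);
    return $entries[0] ?? [];
}

/** Attach an auxiliary class only if the forest level allows it. */
function addAuxClass($ldap, string $dn, string $auxClass, array $attrs): void
{
    if (!supportsDynamicAuxClasses(readRootDse($ldap))) {
        throw new RuntimeException('Forest functional level is below 2003; the server will refuse this');
    }
    if (!@ldap_mod_add($ldap, $dn, $attrs + ['objectClass' => $auxClass])) {
        $detail = '';
        // Extended server text, e.g. the "00002040: SvcErr: ..." string quoted in the thread.
        ldap_get_option($ldap, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
        throw new RuntimeException(ldap_error($ldap) . '; ' . $detail);
    }
}

// Offline check with constructed rootDSE samples in ldap_get_entries() shape.
$samples = [
    'Windows 2000 forest' => ['forestfunctionality' => ['count' => 1, 0 => '0']],
    'Windows 2003 forest' => ['forestfunctionality' => ['count' => 1, 0 => '2']],
    'attribute missing'   => [],
];
foreach ($samples as $label => $rootDse) {
    printf("%-20s aux classes allowed: %s\n", $label, var_export(supportsDynamicAuxClasses($rootDse), true));
}
```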

