php ldap_bind not working as expected
- To: openldap software list <openldap-software@OpenLDAP.org>
- Subject: php ldap_bind not working as expected
- From: Prune <prune@lecentre.net>
- Date: Tue, 09 Oct 2001 18:08:04 +0200
- Organization: Lecentre
- User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.2) Gecko/20010726 Netscape6/6.1
Hi,
I'm going crazy !! :)
I'm just trying to bind to my ldap as a user and add a new attribute entry.
This is the php error I have in my browser :
Warning: LDAP: modify operation could not be completed. in /usr/local/share/web/mst.lecentre.net/cnx.php on line 41
Here is what I do :
$bind_dn : "uid=toto, ou=users, ou=lecentre.net, dc=lecentre, dc=net"
I want user toto to bind, and add the "mailforwardingaddress" attribute (value
is stored in $email_to_add )
// this is the main function to add new mails
function add_a_mail ($server, $port, $bind_dn, $user_pass, $email_to_add) {
    // connection to ldap
    $ds=ldap_connect ($server, $port);
    if ($ds) {
        //I put the data to add in an array
        $to_add["mailforwardingaddress"]=$email_to_add;
        // I then bind as the user
        $r=ldap_bind ($ds,$bind_dn, $user_pass);
        // then I add the data
        $r=ldap_mod_add($ds,$bind_dn,$to_add);
        ....
This is not working. When I try it by hand (system command ldapadd) or using
ldapbrowser, everything is working fine....
If I bind as manager, it also works fine. I tried the same thing with a search
instead of an add, but had no result.
It's like the php ldap_bind was not granting rights as other binds do.....
Here is what I have in ACL :
# make sure users can't change their uid
access to dn=".*,ou=users,ou=.*,dc=lecentre,dc=net" attrs=uid
    by dn="cn=manager,dc=lecentre,dc=net" write
    by self read
    by anonymous search
# allow changing of mailForwardingAddress and MailAlternateAddress
access to dn=".*,ou=users,ou=.*,dc=lecentre,dc=net" attrs=mailForwardingAddress
    by dn="cn=manager,dc=lecentre,dc=net" write
    by dn="uid=mst, ou=users, ou=lecentre.net, dc=lecentre, dc=net" write
    by self read
    by anonymous search
access to dn=".*,ou=users,ou=.*,dc=lecentre,dc=net" attrs=mailAlternateAddress
    by dn="cn=manager,dc=lecentre,dc=net" write
    by dn="uid=mst, ou=users, ou=lecentre.net, dc=lecentre, dc=net" write
    by self read
    by anonymous search
# access to dn=".*,ou=users,ou=.*,dc=lecentre,dc=net"
access to dn=".*,ou=users,ou=.*,dc=lecentre,dc=net"
    by dn="cn=manager,dc=lecentre,dc=net" write
    by self read
    by anonymous search
    by * none
# The admin dn has full write access
access to *
    by dn="cn=manager,dc=lecentre,dc=net" write
    by * read
Moreover, this is what I found in logfile :
1) when I bind as a user in the php script :
Oct 9 18:09:38 diamond slapd[65058]: daemon: conn=589 fd=19 connection from IP=127.0.0.1:2176 (IP=0.0.0.0:389) accepted.
Oct 9 18:09:38 diamond slapd[65058]: conn=589 op=0 BIND dn="UID=MST,OU=USERS,OU=LECENTRE.NET,DC=LECENTRE,DC=NET" method=128
Oct 9 18:09:38 diamond slapd[65058]: conn=589 op=0 RESULT tag=97 err=0 text=
Oct 9 18:09:38 diamond slapd[65058]: conn=589 op=1 MOD dn="uid=mst, ou=users, ou=lecentre.net, dc=lecentre, dc=net"
Oct 9 18:09:38 diamond slapd[65058]: conn=589 op=1 RESULT tag=103 err=50 text=
Oct 9 18:09:38 diamond slapd[65058]: conn=589 op=2 UNBIND
Oct 9 18:09:38 diamond slapd[65058]: conn=-1 fd=19 closed
2) when I bind with ldapbrowser and create the entry :
Oct 9 18:14:32 diamond slapd[65058]: daemon: conn=600 fd=19 connection from IP=62.106.136.1:5569 (IP=0.0.0.0:389) accepted.
Oct 9 18:14:32 diamond slapd[65058]: conn=600 op=0 BIND dn="UID=MST,OU=USERS,OU=LECENTRE.NET,DC=LECENTRE,DC=NET" method=128
Oct 9 18:14:32 diamond slapd[65058]: conn=600 op=0 RESULT tag=97 err=0 text=
Oct 9 18:14:47 diamond slapd[65058]: conn=600 op=3 MOD dn="uid=mst, ou=users, ou=lecentre.net, dc=lecentre, dc=net"
Oct 9 18:14:48 diamond slapd[65058]: conn=600 op=3 RESULT tag=103 err=0 text=
Oct 9 18:14:48 diamond slapd[65058]: conn=600 op=4 SRCH base="uid=mst, ou=users, ou=lecentre.net, dc=lecentre, dc=net" scope=0 filter="(objectClass=*)"
Oct 9 18:14:48 diamond slapd[65058]: conn=600 op=4 SEARCH RESULT tag=101 err=0 text=
Oct 9 18:14:51 diamond slapd[65058]: conn=600 op=5 UNBIND
Oct 9 18:14:51 diamond slapd[65058]: conn=-1 fd=19 closed
Same bind, one has rights, the other not :/
any idea ?
what's wrong ??
Cheers,
Prune
--
- le Centre -
a Mad Cow Tribe product
(Very uncommon, but we should please everybody anyway, even disturbed minds)
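
A way to line up the two logged sessions above, as an added example that is not part of the original post: it pairs each slapd RESULT line with its request and reports operations refused with err=50 (LDAP insufficientAccessRights), together with the DN the connection was bound as and whether the target is that same entry (the case the ACL's `by self` clauses cover). The function names and the DN normalization are assumptions of this example; the log lines are copied from the post with wrapped lines rejoined.

```python
import re

# Log lines copied from the post's two sessions, wrapped lines rejoined.
SAMPLE_LOG = '''\
Oct 9 18:09:38 diamond slapd[65058]: conn=589 op=0 BIND dn="UID=MST,OU=USERS,OU=LECENTRE.NET,DC=LECENTRE,DC=NET" method=128
Oct 9 18:09:38 diamond slapd[65058]: conn=589 op=0 RESULT tag=97 err=0 text=
Oct 9 18:09:38 diamond slapd[65058]: conn=589 op=1 MOD dn="uid=mst, ou=users, ou=lecentre.net, dc=lecentre, dc=net"
Oct 9 18:09:38 diamond slapd[65058]: conn=589 op=1 RESULT tag=103 err=50 text=
Oct 9 18:14:32 diamond slapd[65058]: conn=600 op=0 BIND dn="UID=MST,OU=USERS,OU=LECENTRE.NET,DC=LECENTRE,DC=NET" method=128
Oct 9 18:14:32 diamond slapd[65058]: conn=600 op=0 RESULT tag=97 err=0 text=
Oct 9 18:14:47 diamond slapd[65058]: conn=600 op=3 MOD dn="uid=mst, ou=users, ou=lecentre.net, dc=lecentre, dc=net"
Oct 9 18:14:48 diamond slapd[65058]: conn=600 op=3 RESULT tag=103 err=0 text=
'''

REQUEST = re.compile(r'conn=(\d+) op=(\d+) (BIND|MOD|ADD|DEL|SRCH) (?:dn|base)="([^"]*)"')
RESULT = re.compile(r'conn=(\d+) op=(\d+) (?:SEARCH )?RESULT tag=\d+ err=(\d+)')
INSUFFICIENT_ACCESS = 50  # LDAP result code insufficientAccessRights


def normalize_dn(dn):
    """Lower-case a DN and drop spaces around commas (naive: ignores escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def denied_operations(log_text):
    """Return one record per operation that slapd refused with err=50."""
    requests = {}   # (conn, op) -> (verb, normalized target DN)
    bound = {}      # conn -> DN of the last successful bind; absent means anonymous
    denied = []
    for line in log_text.splitlines():
        m = REQUEST.search(line)
        if m:
            requests[(m.group(1), m.group(2))] = (m.group(3), normalize_dn(m.group(4)))
            continue
        m = RESULT.search(line)
        if not m or (m.group(1), m.group(2)) not in requests:
            continue
        conn, err = m.group(1), int(m.group(3))
        verb, target = requests.pop((conn, m.group(2)))
        if verb == "BIND":
            # A failed bind leaves the connection anonymous.
            bound[conn] = target if err == 0 else ""
        elif err == INSUFFICIENT_ACCESS:
            who = bound.get(conn, "")
            denied.append({"conn": conn, "op": verb, "bound_as": who or "anonymous",
                           "target": target, "self": who == target})
    return denied


if __name__ == "__main__":
    for record in denied_operations(SAMPLE_LOG):
        print(record)
```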