
Issues with OpenLDAP on OS X Server



I'm building a web interface in PHP where my coworkers will be able to
add/remove themselves from groups on a Mac OS X Server 10.2.x installation.

The interface basically consists of a list of the groups with a checkbox in
front. When the user checks a group and clicks the Update button, the
changes are made on the server using LDAP.

This is the function I'm using to update the groups on the server:

function uppdateraFildelningServrar ($id,$grupper) {
    #escape $id before it is placed in the SQL string
    $id = mysql_real_escape_string($id);
    $query = "SELECT kortnamn,fornamn,efternamn from galentox_anvandare WHERE id='$id'";
    $result = @mysql_query($query);
    $sql_res = @mysql_fetch_row($result);
    $kortnamn = $sql_res[0];
    $fornamn = $sql_res[1];
    $efternamn = $sql_res[2];

    #login credentials
    $root_dn = "uid=admin, cn=users, dc=aftonbladet, dc=se";
    $root_pw = "faddfadf";

    #connect
    $conn = ldap_connect("aaa.aftonbladet.se") or die("Could not connect to server. Error is " . ldap_error($conn));

    #authenticate
    $r = ldap_bind($conn, $root_dn, $root_pw) or die("Could not bind to server. Error is " . ldap_error($conn));

    #which groups exist?
    $result = ldap_search($conn,"cn=groups, dc=aftonbladet, dc=se", "cn=*") or die ("Error in search query");

    #fetch all group entries
    $info = ldap_get_entries($conn, $result);

    for ($i=0; $i<$info["count"]; $i++) {
        if ($info[$i]["gidnumber"][0] > '100') {
            #REMOVE THE FIRST ENTRY IN THE ARRAY RETURNED BY THE LDAP SERVER SINCE IT IS USELESS
            array_splice($info[$i]["memberuid"], 0,1);
            foreach ($info[$i]["memberuid"] as $key => $anv) {
                if  ($anv == $kortnamn) {
                    #REMOVE THE USER FROM THE ARRAY
                    $strukenAnv = array_splice($info[$i]["memberuid"], $key,1);
                    #CREATE A NEW ARRAY WITHOUT THE USER IN IT
                    $nyArray["memberuid"] = $info[$i]["memberuid"];
                    #sort the member list itself; sort($nyArray) would replace the "memberuid" key with 0
                    sort($nyArray["memberuid"]);
                    $cn = $info[$i]["cn"];
                    $dn = $info[$i]["dn"];

                    #SEND THE NEW ARRAY UP TO AAA
                    $result = ldap_modify($conn, $dn, $nyArray);

                    print "<TR><TD><B>";
                    print "$strukenAnv[0] str&ouml;ks ur gruppen $cn[0]: ";
                    print ldap_error($conn);
                    print $dn;
                    if (ldap_error($conn) == 'No such object') {
                        #print_r($nyArray);
                        #print '<br>';
                        #print $dn;
                    }
                    print "</B></TD></TR>";
                }
            }
            $cn = $info[$i]["cn"];
            if ($grupper != '') {
                if (in_array ($cn[0], $grupper)) {
                    $dn = $info[$i]["dn"];
                    array_push($info[$i]["memberuid"], $kortnamn);
                    $nyArray1["memberuid"] = $info[$i]["memberuid"];
                    $result = ldap_modify($conn, $dn, $nyArray1);
                    print "<TR><TD><B>";
                    print "$kortnamn las in i gruppen $cn[0]: ";
                    print ldap_error($conn);
                    print $dn;
                    if (ldap_error($conn) == 'No such object') {
                        #print_r($nyArray1);
                        #print '<br>';
                        #print $dn;
                    }
                    print "</B></TD></TR>";
                }
            }
        }
    }
    ldap_close($conn);
}

It first looks up the user's name using his unique id in a MySQL database.
The script searches the server for all groups. It then removes the user
from all groups and finally adds him to the groups that were checked on the
previous page.

The problem I'm having is that I very often get a "No such object" error in
PHP and the ldap_modify fails. It never happens if I just add the user to
one group, but as soon as there is more than one involved it gets into
trouble.

This is what slapd running in debug mode returns when it fails:

do_modify: dn (cn=barbar,cn=groups,dc=aftonbladet,dc=se)
ber_dump: buf=0x001da670 ptr=0x001da6a1 end=0x001da6c5 len=36
  0000:  30 22 0a 01 02 30 1d 04  09 6d 65 6d 62 65 72 75   0"...0...memberu
  0010:  69 64 31 10 04 06 62 61  72 62 61 72 04 06 69 61   id1...barbar..ia
  0020:  6e 76 61 6e                                        nvan
modifications:
        replace: memberuid
                multiple values
send_ldap_result: err=32 matched="" text="DSA2004: Invalid Path"
ber_flush: 35 bytes to sd 7

Notice that the path is correct and it works if
cn=barbar,cn=groups,dc=aftonbladet,dc=se is the only one that is checked,
but not if other groups are checked. Same issue happens when they are being
deleted.

It is as if the OpenLDAP server gets a busy response from NetInfo and then
fails.

Does anyone know what is going on?
Any ideas?

/Ian
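
The ber_dump in the slapd trace above can be decoded by hand to see exactly which modification reached the server. The following is an added example, not part of the original post: a small BER reader in Python run over the 36 bytes copied from that dump (the function names are this example's own).

```python
# Constructed input: the 36 bytes copied from the ber_dump in the post.
DUMP_HEX = """
30 22 0a 01 02 30 1d 04 09 6d 65 6d 62 65 72 75
69 64 31 10 04 06 62 61 72 62 61 72 04 06 69 61
6e 76 61 6e
"""
MOD_OPS = {0: "add", 1: "delete", 2: "replace"}  # LDAP modify operation codes

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_modification(raw):
    """Decode SEQUENCE { ENUMERATED op, SEQUENCE { type, SET OF value } }."""
    tag, body, end = read_tlv(raw, 0)
    if tag != 0x30 or end != len(raw):
        raise ValueError("expected one SEQUENCE covering the whole buffer")
    (op_tag, op), (seq_tag, attr) = children(body)
    (type_tag, attr_type), (set_tag, vals) = children(attr)
    if (op_tag, seq_tag, type_tag, set_tag) != (0x0A, 0x30, 0x04, 0x31) or len(op) != 1:
        raise ValueError("unexpected tags for an LDAP modification")
    values = [v.decode("utf-8") for _, v in children(vals)]
    return MOD_OPS.get(op[0], f"unknown({op[0]})"), attr_type.decode("utf-8"), values

if __name__ == "__main__":
    print(decode_modification(bytes.fromhex(DUMP_HEX)))
```

The decoded request is a single replace of memberuid carrying the values barbar and ianvan, which matches the "replace: memberuid / multiple values" lines slapd prints before returning err=32.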