[clug-progsig] PHP and LDAP?
sgrover at open2space.com
Thu Aug 28 19:39:41 PDT 2008
I have a partial solution to my problem... Here's the short of it so that it
might help others...

My DN was something like "CN=Bob Smith,OU=AddressBook,DC=mydomain,DC=com",
now the problem is that CN was generated on the fly using the first/last name
entries (SN and givenName). Turns out that changing something that would
result in the change of your DN is a no-no. Makes sense when explained that

The solution is to not use a user editable value for the "naming attribute"
(the left most part of the DN - in this case the CN). Instead, one should
make use of something like the "uid" attribute. And generate a unique value
for new records.

This is where the partial part comes in for me. To use the "uid" attribute,
my contact records need to make use of the inetOrgPerson schema. Under
Active Directory, this schema requires an account name, and some other
network account specifics. My contacts will NOT have logon accounts to the
Active Directory. So I'm at a catch 22 here. Either I need to figure out a
way to avoid the account issue, or I need to avoid using inetOrgPerson -
which means I can't use the uid attribute...

I can see why LDAP is not more widely adopted.. :)

On Thursday 28 August 2008 00:00:59 Shawn wrote:
> I'm having a heck of a time finding anything useful online for this.
> Hoping someone here can help out.
> Real simple app. Addressbook type tool. Difference is the records are
> stored in Active Directory / LDAP. It's a PHP app.
> Plenty of details on the web for connecting to an LDAP server and reading
> its contents. Very little on creating a new entry (worked that out).
> Even less on modifying that entry afterwards. (i.e. change the email
> address, last name, etc.) - this I can't make work at all. I keep getting
> nailed with odd errors. The errors make sense (can't modify a DN, or part
> of the RDN). But I'm finding nothing on how to work around these points.
> Anyone here have experience with this? Or know of any decent resources?
> As is the only option I can see is to delete the current record, then just
> create a new record with the changed data. But I've read somewhere that AD
> doesn't actually delete LDAP records.... guess I'll find out real quick
> anyways... thanks for any tips...
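
Added example, not part of the original thread: LDAP has a separate ModifyDN
operation for changing the naming attribute, which PHP exposes as
ldap_rename(), while ldap_mod_replace() handles every other attribute. The
sketch below splits an edit into those two steps and escapes the user-editable
name before it becomes part of a DN. The function names planUpdate and
applyUpdate, the bound $ldap connection and the new attribute values are
assumptions made for illustration.

```php
<?php
// Added example; assumes ext-ldap is loaded. The DN is the one from the post,
// the new attribute values are constructed.

// Split an edit into a ModifyDN step (naming attribute) and a Modify step (the rest).
function planUpdate(string $dn, array $changes): array
{
    $parts = ldap_explode_dn($dn, 0);           // RDNs, leftmost first, plus 'count'
    if ($parts === false) {
        throw new InvalidArgumentException('malformed DN');
    }
    unset($parts['count']);
    $oldRdn = array_shift($parts);              // e.g. "CN=Bob Smith"
    $parent = implode(',', $parts);             // e.g. "OU=AddressBook,DC=..."
    $namingAttr = explode('=', $oldRdn, 2)[0];
    $newRdn = null;
    foreach ($changes as $attr => $value) {
        if (strcasecmp($attr, $namingAttr) !== 0) {
            continue;
        }
        // Escape user-editable text so ',', '+', '=' cannot change the DN structure.
        $candidate = $namingAttr . '=' . ldap_escape($value, '', LDAP_ESCAPE_DN);
        $newRdn = strcasecmp($candidate, $oldRdn) === 0 ? null : $candidate;
        unset($changes[$attr]);
    }
    return ['newRdn' => $newRdn, 'parent' => $parent, 'replace' => $changes];
}

// $ldap is an already bound connection (hypothetical here).
function applyUpdate($ldap, string $dn, array $changes): string
{
    $plan = planUpdate($dn, $changes);
    if ($plan['replace'] && !ldap_mod_replace($ldap, $dn, $plan['replace'])) {
        throw new RuntimeException('modify failed: ' . ldap_error($ldap));
    }
    if ($plan['newRdn'] !== null) {
        // delete_old_rdn = true: the old naming value is removed from the entry.
        if (!ldap_rename($ldap, $dn, $plan['newRdn'], $plan['parent'], true)) {
            throw new RuntimeException('rename failed: ' . ldap_error($ldap));
        }
        $dn = $plan['newRdn'] . ',' . $plan['parent'];
    }
    return $dn;                                 // callers must store the new DN
}

// Offline check of the planning step (no server needed).
var_export(planUpdate('CN=Bob Smith,OU=AddressBook,DC=mydomain,DC=com',
    ['cn' => 'Bob Smith, Jr.', 'sn' => 'Smith, Jr.', 'mail' => 'bob@example.com']));
```

Any stored reference to the entry has to be updated with the DN that
applyUpdate returns, since the old DN no longer resolves after the rename.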