duanlie7962 2012-10-25 22:03

PHP ldap_modify insufficient access

I am getting insufficient access errors using ldap_modify with OpenLDAP 2.4.32 and PHP 5.4.6.

The PHP function that is giving the errors looks like this:

function set_user($dn, $password, $data)
{
  /* This function sets the user's information */

  // Get Configuration Items
  $ldapServer = $this->config->item('ldapServer');
  $ldapDCRoot = $this->config->item('ldapDCRoot');


  // Connect to LDAP
  $ldapConnection = ldap_connect($ldapServer);

  if($ldapConnection)
  {
    $r = ldap_bind($ldapConnection, $dn, $password);
    if ($r)
    {
      // Bind completed successfully
      $r = ldap_modify($ldapConnection, $dn, $data);
      return True;
    }
    die("Unsuccessful Bind");
  }
  die("Can't connect to LDAP");
}

The $dn is the full DN of the user trying to change their information, along with their password. $data is the set of values that they are updating; right now it just contains the phone number to change: $data['mobile'] = "newPhoneNumber". This all appears to be working except for the fact that the data is never actually written.

The OpenLDAP file is included below; as you can see, the ACL says that I should be able to write to it.

include     /etc/openldap/schema/corba.schema
include     /etc/openldap/schema/core.schema
include     /etc/openldap/schema/cosine.schema
include     /etc/openldap/schema/duaconf.schema
include     /etc/openldap/schema/dyngroup.schema
include     /etc/openldap/schema/inetorgperson.schema
include     /etc/openldap/schema/java.schema
include     /etc/openldap/schema/misc.schema
include     /etc/openldap/schema/nis.schema
include     /etc/openldap/schema/openldap.schema
include     /etc/openldap/schema/ppolicy.schema
include     /etc/openldap/schema/collective.schema

allow bind_v2

pidfile     /var/run/openldap/slapd.pid
argsfile    /var/run/openldap/slapd.args

TLSCertificateFile /etc/pki/tls/certs/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem

access to *
    by self write
    by users read
    by anonymous auth


database    bdb
suffix      "dc=example,dc=com"
checkpoint  1024 15
rootdn      "cn=manager,dc=example,dc=com"
rootpw          REDACTED

directory   /var/lib/ldap

index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub

The question is: why can't PHP update the value, and why is it getting an insufficient access error instead?

2 answers

  • duanlu1950 2016-04-21 18:03

    To debug your issue, I'd suggest using the command line tool ldapmodify to make the same request. You may need to install it to your system (Redhat openldap-clients, Debian slapd).

    LDAP Utilities

    By setting the debugging level -d you can hopefully get more information than what the php library is providing about why your call is returning the insufficient access error.

    While I have never had to do this with ldapmodify, I have used it with ldapsearch with great success. So it may take some searching or ldapmodify --help to figure out how to use it.

    I imagine the command would look something like this:

    ldapmodify -d 7 -h ldap.server.com -D bind_dn -w bind_password -f /tmp/entrymods
    
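The /tmp/entrymods file that the ldapmodify suggestion above needs, written out as an added example (not code from the original post or from either poster). The helper names `ldif_line` and `make_entrymods` are hypothetical; the script assumes the server accepts StartTLS and a simple bind, and that the URI, user DN and new value are passed as arguments.

```bash
#!/bin/sh
# Added example. DN, URI and value are supplied by the caller; nothing here
# comes from the original post. Usage: sh replay.sh LDAP_URI USER_DN NEW_MOBILE

# Emit one LDIF "attr: value" line. Values that are not an RFC 2849
# SAFE-STRING (leading space, ':' or '<', trailing space, or any byte outside
# printable ASCII) are written base64-encoded as "attr:: ...".
ldif_line() (
  case $2 in
    ' '*|:*|'<'*|*' ') unsafe=1 ;;
    *) unsafe=$(printf '%s' "$2" | LC_ALL=C tr -d ' -~' | wc -c) ;;
  esac
  if [ "$unsafe" -gt 0 ]; then
    printf '%s:: %s\n' "$1" "$(printf '%s' "$2" | base64 | tr -d '\n')"
  else
    printf '%s: %s\n' "$1" "$2"
  fi
)

# LDIF for the same operation as PHP's ldap_modify($conn, $dn, [$attr => $value]):
# a modify that replaces all values of one attribute on the entry.
make_entrymods() {  # make_entrymods DN ATTR VALUE
  ldif_line dn "$1"
  printf 'changetype: modify\nreplace: %s\n' "$2"
  ldif_line "$2" "$3"
}

# Replay the change as the user the PHP code binds as. Skipped unless the
# three arguments are given, so sourcing or testing the helpers is offline.
if [ "$#" -eq 3 ]; then
  umask 077                                  # temp LDIF readable by owner only
  mods=$(mktemp) && trap 'rm -f "$mods"' EXIT
  make_entrymods "$2" mobile "$3" > "$mods"
  # -x simple bind (what ldap_bind does), -ZZ require StartTLS, -W prompt for
  # the password so it never appears in the process list or shell history.
  ldapwhoami -x -ZZ -H "$1" -D "$2" -W       # identity the server sees
  ldapmodify -x -ZZ -H "$1" -D "$2" -W -d 7 -f "$mods"
fi
```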
