I have managed to connect, query and add to AD. When adding a user object with ExampleA (look down) attributes set I have no problem, however when I add:
$this->newUserEntry["UserAccountControl"] = 512; //LDAP will disable the account by default, This will create it in an enabled state
I get the following warning from ldap_add() and the user object is not created:
Server is unwilling to perform
ExampleA:
$this->newUserEntry["objectclass"][0] = "top";
$this->newUserEntry["objectclass"][1] = "person";
$this->newUserEntry["objectclass"][2] = "organizationalPerson";
$this->newUserEntry["objectclass"][3] = "user";
//---------General Tab-----------------------------------------
$this->newUserEntry['givenname'] = $this->givenName; //first name
$this->newUserEntry['sn'] = $this->sn; // last name
$this->newUserEntry["displayname"] = $this->sn.', '.$this->givenName; // display name - Format: Meow, Test
$this->newUserEntry["physicalDeliveryOfficeName"] = $this->location; //office
$this->newUserEntry["mail"] = $this->userMail;
$this->newUserEntry["mailNickname"] = $this->userMail; // user mail
//Change this to mobile field
$this->newUserEntry["telephoneNumber"] = '9897157910'; // user phone
//----------Account Tab----------------------------------------
$this->newUserEntry["userPrincipalName"] = $this->samaccountname.'@comp.com'; //User logon name
$this->newUserEntry["sAMAccountname"] = $this->samaccountname; //pre windows 2007 logon name
//----------profile Tab-----------------------------------------
$this->newUserEntry["scriptPath"] = $this->scriptPath; //Log on script
//----------Organization Tab------------------------------------
$this->newUserEntry["title"] = $this->title;
$this->newUserEntry["department"] = $this->department; // department
$this->newUserEntry["company"] = "Open Doors Test"; // Company name
$this->newUserEntry["manager"] = $this->managerDn; // name of the manager
What I have tried:
1- Setting password attribute:
I thought that this is happening because I do not have the password attribute set, so I tried adding a password with hashing and without hashing:
password example: As33557b
$this->newUserEntry["userPassword"] = '{MD5}' . base64_encode(pack('H*',md5($this->password))); //md5HASH - hash the password
Again both attempts failed, and like before, if I removed account control the user object was created with no issues.
2- Make sure the connection is over SSL:
I changed the way I was connecting via LDAP:
Before:
ldap_connect('ldap://'. $this->dnToConnect)
After:
ldap_connect('ldap://'. $this->dnToConnect, 636)
I also ran nmap -p 636 mydomain.com to make sure the port is open and I can make a connection.
3- Try setting the 512 value as a string and as an integer.
Notes:
I can make accounts, disable and enable them manually, so the problem should not be with the user and password that I am using to bind.
Update1:
I have narrowed down the problem to the password. I can create an enabled account with no password by setting userAccountControl to 544, so I think the issue is with the way I am setting the password field.
Bloob is about to pop, any help would be appreciated.
Comment Section Requested Info: Password:
Originally I was setting the password like:
//$this->newUserEntry["userPassword"] = '{MD5}' . base64_encode(pack('H*',md5($this->password))); //md5HASH - hash the password
Then someone suggested trying to set it like:
$newPassword = $this->password;
$newPassword = "\"" . $newPassword . "\"";
$newPass = mb_convert_encoding($newPassword, "UTF-16LE");
$this->newUserEntry["unicodePwd"] = $newPass;
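
A preflight check for the three things this question circles around (the userAccountControl bits, the unicodePwd encoding, and whether the session is encrypted), added here as an example and not code from the original post. The function names and the dc.example.test host are hypothetical; the flag values are the documented userAccountControl bits (512 = NORMAL_ACCOUNT, 544 = 512 + PASSWD_NOTREQD), and domain password policy is not modelled.

```php
<?php
// Added example; function and host names are hypothetical, not from the post.
const UF_ACCOUNTDISABLE = 0x0002; // account disabled
const UF_PASSWD_NOTREQD = 0x0020; // password not required
const UF_NORMAL_ACCOUNT = 0x0200; // ordinary user (512)

// unicodePwd format: the password in double quotes, encoded as UTF-16LE.
function encodeUnicodePwd(string $plain): string
{
    return mb_convert_encoding('"' . $plain . '"', 'UTF-16LE', 'UTF-8');
}

// List the reasons AD is likely to refuse an add of this entry.
function preflightUserAdd(string $uri, bool $startTls, array $entry): array
{
    $e = array_change_key_case($entry, CASE_LOWER); // LDAP names ignore case
    $uac = (int) ($e['useraccountcontrol'] ?? (UF_NORMAL_ACCOUNT | UF_ACCOUNTDISABLE));
    $enabled = ($uac & UF_ACCOUNTDISABLE) === 0;
    $pwdOptional = ($uac & UF_PASSWD_NOTREQD) !== 0;
    $encrypted = $startTls || stripos($uri, 'ldaps://') === 0;
    $problems = [];
    if (isset($e['userpassword'])) {
        $problems[] = 'AD does not read a {MD5} hash in userPassword as the logon password';
    }
    if ($enabled && !$pwdOptional && !isset($e['unicodepwd'])) {
        $problems[] = "enabled account (UAC $uac) without PASSWD_NOTREQD needs unicodePwd";
    }
    if (isset($e['unicodepwd']) && !$encrypted) {
        $problems[] = 'unicodePwd needs an encrypted session (ldaps:// or StartTLS)';
    }
    return $problems;
}

// Constructed inputs mirroring the attempts described in the question.
$pwd = encodeUnicodePwd('As33557b');
$cases = [
    '512 + userPassword' => ['ldap://dc.example.test:636', ['UserAccountControl' => 512, 'userPassword' => '{MD5}placeholder']],
    '544, no password' => ['ldap://dc.example.test', ['userAccountControl' => 544]],
    '512 + unicodePwd, ldap://' => ['ldap://dc.example.test:636', ['userAccountControl' => 512, 'unicodePwd' => $pwd]],
    '512 + unicodePwd, ldaps://' => ['ldaps://dc.example.test', ['userAccountControl' => 512, 'unicodePwd' => $pwd]],
];
foreach ($cases as $label => [$uri, $entry]) {
    $problems = preflightUserAdd($uri, false, $entry);
    echo $label, ': ', $problems ? implode('; ', $problems) : 'no known blocker', PHP_EOL;
}
```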