I have managed to connect, query and add to AD. When adding a user object with exampleA(look down) attributes set I have no problem, however when I add:
$this->newUserEntry["UserAccountControl"] = 512; //LDAP will disable the account by default, This will create it in an enabled state
I get the following warning from ldap_add() and user object is not created:
Server is unwilling to perform
ExampleA:
$this->newUserEntry["objectclass"][0] = "top";
$this->newUserEntry["objectclass"][1] = "person";
$this->newUserEntry["objectclass"][2] = "organizationalPerson";
$this->newUserEntry["objectclass"][3] = "user";
//---------General Tab-----------------------------------------
$this->newUserEntry['givenname'] = $this->givenName; //first name
$this->newUserEntry['sn'] = $this->sn; // last name
$this->newUserEntry["displayname"] = $this->sn.', '.$this->givenName; // display name - Format: Meow, Test
$this->newUserEntry["physicalDeliveryOfficeName"] = $this->location; //office
$this->newUserEntry["mail"] = $this->userMail;
$this->newUserEntry["mailNickname"] = $this->userMail; // user mail
//Change this to mobile field
$this->newUserEntry["telephoneNumber"] = '9897157910'; // user phone
//----------Account Tab----------------------------------------
$this->newUserEntry["userPrincipalName"] = $this->samaccountname.'@comp.com'; //User logon name
$this->newUserEntry["sAMAccountname"] = $this->samaccountname; //pre windows 2007 logon name
//----------profile Tab-----------------------------------------
$this->newUserEntry["scriptPath"] = $this->scriptPath; //Log on script
//----------Organization Tab------------------------------------
$this->newUserEntry["title"] = $this->title;
$this->newUserEntry["department"] = $this->department; // department
$this->newUserEntry["company"] = "Open Doors Test"; // Company name
$this->newUserEntry["manager"] = $this->managerDn; // name of the manager
What I have tried:
1-Setting password attribute:
I taught that this is happening because I do not have password attribute set, so I tried adding a password with hashing and without hashing:
password example: As33557b
$this->newUserEntry["userPassword"] = '{MD5}' . base64_encode(pack('H*',md5($this->password))); //md5HASH - hash the password
Again both attempts it failed and like before if I would remove account control user object was created with no issues.
2- Make sure the connection is over SSL:
I changed the way I was connecting via LDAP:
Before:
ldap_connect('ldap://'. $this->dnToConnect)
After:
ldap_connect('ldap://'. $this->dnToConnect, 636)
I also ran nmap -p 636 mydomain.com to make sure the port is open and I can make a connection.
3- Try setting 512 value as a string and as an integer.
Notes:
I can make accounts, disable and enable them manually, so the problem should not be with the user and password that I am using to bind.
Update1:
I have narrowed down the problem to the password. I can create an Enabled account with no password and setting userAccountControl to 544, so I think the issue is with the way I am setting the password field.
Bloob is about to pop, any help would be appreciate it.
Comment Section Requested Info: Password:
originally I was setting the password like:
//$this->newUserEntry["userPassword"] = '{MD5}' . base64_encode(pack('H*',md5($this->password))); //md5HASH - hash the password
Than Someone suggested to try to set it like:
$newPassword = $this->password;
$newPassword = "\"" . $newPassword . "\"";
$newPass = mb_convert_encoding($newPassword, "UTF-16LE");
$this->newUserEntry["unicodePwd"] = $newPass;
