I'm trying to build a self-service portal onto my OpenLDAP server so that users can update their GECOS entry, phone number, etc. They will NOT be updating their password per requirements.
The problem is I'm not able to update any attributes in the LDAP server. I use the PHP call ldap_mod_replace with a valid DN (the root administrative DN right now) to update these attributes. The error I receive is:
(53) Server is unwilling to perform
The bind is successful to the server. Using the same bind DN I am able to update any attribute I wish to using a third party tool (JXplorer).
Here is a snippet of the exact code where the update is performed, redacted to protect IP:
function saveAccountData($connection, $dn, $newAcctData, $isAdmin = false) {
    $permittedData = array();
    // Bind as the directory administrator (credentials redacted).
    $resp = ldap_bind($connection, "cn=rootdn,dc=domain,dc=tld", "reallygoodpassword");
    if (!$resp) {
        // ldap_bind() returns false on failure, so ask the library for the actual reason.
        die("Failed to bind to LDAP with authenticated credentials! " . ldap_error($connection) . "\n");
    }
    if ($isAdmin) {
        // Administrators may change any attribute they submit.
        $permittedData = $newAcctData;
    }
    else {
        // Ordinary users are limited to this allow-list of attributes.
        $permittedData["homedirectory"] = $newAcctData["homeDirectory"];
        $permittedData["gecos"] = $newAcctData["gecos"];
        $permittedData["loginshell"] = $newAcctData["loginShell"];
        $permittedData["telephonenumber"] = $newAcctData["telephoneNumber"];
    }
    // Replace the listed attributes on the entry; returns false on failure.
    return ldap_mod_replace($connection, $dn, $permittedData);
}
I check for the error outside after calling this function, which is how I arrived here with the error message.
I referred to this manual: http://www.openldap.org/doc/admin24/appendix-common-errors.html
I've reviewed several related topics, but they seem to apply to Active Directory: ldap_mod_replace() [function.ldap-mod-replace]: Modify: Server is unwilling to perform
I've still tried those solutions, but to no avail. What is going wrong here?
Thanks in advance!
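An added example, not code from the question above, showing how the same self-service update can be structured so that a result code such as (53) comes back with the server's own diagnostic text instead of a bare error number, and so that the attribute allow-list is enforced before anything reaches the directory. It binds with the user's own DN and password rather than the root DN, which is an assumption about the portal (the user has already logged in and the portal holds their DN and password for the request); the host, the user DN and the sample input are all constructed for the example. The allow-listed attributes are the four the question names.

```php
<?php
// Added example (not the question's code). Assumed: the portal has already
// authenticated the user and holds their DN and password for this request.

// Attributes a user may change on their own entry, spelled as the schema
// spells them, each with a value pattern. Anything else is rejected outright.
const SELF_SERVICE_ATTRS = [
    'gecos'           => '/^[\x20-\x39\x3B-\x7E]{1,255}$/', // printable ASCII, no ':'
    'telephoneNumber' => '/^\+?[0-9 ().-]{3,32}$/',
    'loginShell'      => '/^\/[A-Za-z0-9._\/-]{1,63}$/',
    'homeDirectory'   => '/^\/[A-Za-z0-9._\/-]{1,255}$/',
];

// Build the LDAP result message, including the diagnostic string OpenLDAP
// attaches to many "unwilling to perform" results (constant needs PHP >= 7.1).
function ldapFailure(string $what, $connection): string {
    $msg = sprintf('%s failed: (%d) %s', $what, ldap_errno($connection), ldap_error($connection));
    if (ldap_get_option($connection, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag) && $diag !== '') {
        $msg .= ' [' . $diag . ']';
    }
    return $msg;
}

// Keep only allow-listed attributes with valid string values. ldap_mod_replace()
// expects a string (or array of strings) per attribute; a null or empty array
// would delete the attribute instead of setting it, so those are rejected too.
function filterSelfServiceUpdate(array $requested): array {
    $mods = [];
    foreach ($requested as $attr => $value) {
        $canonical = null;
        foreach (SELF_SERVICE_ATTRS as $name => $pattern) {
            if (strcasecmp($name, $attr) === 0) { // attribute names are case-insensitive
                $canonical = $name;
                break;
            }
        }
        if ($canonical === null) {
            throw new InvalidArgumentException("attribute not permitted: $attr");
        }
        if (!is_string($value) || !preg_match(SELF_SERVICE_ATTRS[$canonical], $value)) {
            throw new InvalidArgumentException("invalid value for $canonical");
        }
        $mods[$canonical] = $value;
    }
    return $mods;
}

// Open an LDAPv3 connection and bind as the user. An empty password is refused
// explicitly because many servers would otherwise accept it as an anonymous bind.
function connectAsUser(string $uri, string $bindDn, string $password) {
    $connection = ldap_connect($uri);
    if ($connection === false) {
        throw new RuntimeException("bad LDAP URI: $uri");
    }
    ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3); // slapd 2.4 refuses LDAPv2
    ldap_set_option($connection, LDAP_OPT_REFERRALS, 0);
    if ($password === '' || !@ldap_bind($connection, $bindDn, $password)) {
        throw new RuntimeException(ldapFailure('bind', $connection));
    }
    return $connection;
}

// Apply the filtered update to the user's own entry and surface any failure
// with the full server result.
function saveSelfServiceData(string $uri, string $userDn, string $userPassword, array $requested): void {
    $mods = filterSelfServiceUpdate($requested);
    if ($mods === []) {
        return;
    }
    $connection = connectAsUser($uri, $userDn, $userPassword);
    try {
        if (!@ldap_mod_replace($connection, $userDn, $mods)) {
            throw new RuntimeException(ldapFailure('modify', $connection));
        }
    } finally {
        ldap_unbind($connection);
    }
}

// Constructed sample input (no real directory involved).
$userDn = 'uid=jdoe,ou=people,dc=domain,dc=tld'; // assumed DN
try {
    // Rejected before any LDAP traffic: userPassword is not on the allow-list.
    filterSelfServiceUpdate(['gecos' => 'Jane Doe', 'userPassword' => 'x']);
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
try {
    saveSelfServiceData('ldaps://ldap.example.com', $userDn, 'user-supplied-password', // assumed host
        ['gecos' => 'Jane Doe', 'telephoneNumber' => '+1 555 0100']);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n"; // e.g. "modify failed: (53) Server is unwilling to perform [...]"
}
```

Binding as the user means the directory's own ACLs decide what the portal may change (on OpenLDAP, an `access to attrs=... by self write` rule), so a bug in the portal cannot turn into a root-DN write, and the diagnostic text in the failure message is usually the quickest way to learn why slapd answered with result 53.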