ldap_add():添加:服务器不愿意执行 [英] ldap_add(): Add: Server is unwilling to perform

问题描述

我刚开始使用LDAP和Windows Server2012.我设法使用管理员帐户将PHP代码绑定到Active Directory，但似乎可以使用ldap_add函数创建新用户.

I'm just starting out with LDAP and Windows Server 2012. I have managed to get my PHP code to bind to the Active Directory using an Administrator account but I can seem to create a new user using the ldap_add function.

我正在运行Windows Server 2012 R2和IIS8.我已经安装了带有企业根证书的证书颁发机构，并且能够使用具有SSL连接的ldp.exe连接到AD.

I'm running Windows Server 2012 R2 and IIS 8. I have installed the certificate authority with an enterprise root certificate and I am able to connect to AD using ldp.exe with an SSL connection.

我浏览了Google以及可能的重复线程"，但是在过去的几个小时中，没有一个为我提供了有效的答案.

I have looked through Google as well as the 'possible duplicate threads' but none of them have provided me a working answer over the last couple of hours that I have been looking.

当我使用以下PHP代码时:

When I use the following PHP code:

<?php

$ldaprdn  = 'netclass\Administrator'; 
$ldappass = 'password here'; 

    $ldapconn = ldap_connect('ldap://server.netclass.co.uk')
    or die("Could not connect to LDAP server.");

if ($ldapconn) {

    // binding to ldap server
    $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);

    // verify binding
    if ($ldapbind) {
        echo "LDAP bind successful...";
    } else {
        echo "LDAP bind failed...";
    }


        // prepare data
    $info["givenname"] = "Ronnie Brown";
    $info["samaccountname"] = "br01";
    $info["objectclass"] = "person";

    // add data to directory
    $r = ldap_add($ldapconn, "cn=Ronnie,dc=netclass,dc=co,dc=uk", $info); //Line 28

}
?>

我得到输出:

LDAP bind successful...
Warning: ldap_add(): Add: Server is unwilling to perform in C:\inetpub\wwwroot\adduser.php on line 28

我尝试通过以下方式启用SSL:

I have tried to enable SSL by changing:

$ldapconn = ldap_connect('ldap://server.netclass.co.uk')

到

$ldapconn = ldap_connect('ldaps://server.netclass.co.uk')

但是我得到以下错误:

Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server in C:\inetpub\wwwroot\adduser.php on line 12
LDAP bind failed...
Warning: ldap_add(): Add: Can't contact LDAP server in C:\inetpub\wwwroot\adduser.php on line 28

推荐答案

我今天设法得出了答案.

I managed to work out the answer today.

我将以下行添加到/etc/ldap/ldap.conf

I added the following line into /etc/ldap/ldap.conf

TLS_REQCERT never

此后，我可以连接，但仍然收到错误消息:

After this I was able to connect but was still getting the error message:

Server Unwilling to Perform

这是因为我试图将密码设置为纯文本，例如:

This was because I was trying to set the password plain text like:

$ldaprecord["unicodepwd"] = 'MyPassword1234'

您需要先对其进行编码，所以一旦我将其更改为它，它就会起作用:

You need to encode it first so once I change my code to this it works:

## Create Unicode password
## Assumes that given password is in UTF-8 encoding!
## Adjust it to the actual encoding of the password
$pwdtxt = "MyPassword1234";
$newPassword = '"' . $pwdtxt . '"';

$newPass = iconv( 'UTF-8', 'UTF-16LE', $newPassword );

$ldaprecord["unicodepwd"] = $newPassw;

希望这对某人有帮助！

这篇关于ldap_add():添加:服务器不愿意执行的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！