无法使ldap_modify工作

Question

I'm trying to use LDAP user password change code but I have stuck on a step where ldap_modify throwing LDAP error:

1 - Operations error

First I thought that password encryption method is not correct but even code

  $rootdn = "cn=ldap_manager,dc=mycompany,dc=local";
  $rootpwd = "mysecretkeys";
  $r = ldap_bind($con,$rootdn,$rootpwd);

  $entry = array();
  $entry["givenName"] = "BabaGanush";

    if ($r = ldap_modify($con,$user_dn,$entry) === false){   
    $error = ldap_error($con);
    $errno = ldap_errno($con);
    $message[] = "E201 - Please contact the administrator.";
    $message[] = "$errno - $error";
  } else {
    $message[] = "Name was changed";
  }

is not working (getting the same Error #1).

I have tried all possible combinations for rootDN but cannot get bind when used ldap_manager

  $rootdn = "CN=users,DC=mycompany,DC=local";

  $username = 'ldap_mamanger';
  $domain = 'mycompany';

  $rootdn = $username;
  $rootdn = $username.'@'.$domain;
  $rootdn = $domain.'\\'.$username;
  $rootdn = "uid=$username,cn=users,dc=$domain,dc=local";
  $rootdn = "uid=$username,dc=$domain,dc=local";
  $rootdn = "uid=$username,dc=local";
  $rootdn = "uid=$username,dc=$domain";

when $ldaprdn = $domain.'\\\\'.$username; works fine for regular AD user (can bind)

dsquery user -name ldap* returns

"CN=ldap_manager,CN=Users,DC=mycompany,DC=local" "CN=ldap_user,CN=Users,DC=mycompany,DC=local"

Any clue what can be wrong?

Answer 1

As far as I see it, you are trying to modify a complete entry . That means, ldap_modify replaces the current content located under the given DN with the new content. And I'm sure there are some fields that are left empty shich are required when you replace the current entry with one that contains only a givenName.

So either fetch the current entry and replace the value in question within that result or you might want to have a look at ldap_mod_replace .