Adlap2 - 更新“批量修改:访问不足”
[英]Adlap2 - update “Batch Modify: Insufficient access”
问题描述
Using Adldap2 package ( https://adldap2.github.io/Adldap2/#/ ) and to be more accurate laravel version ( https://github.com/Adldap2/Adldap2-Laravel ) and having some issues with add/update some attributes after creation. 
Using Adldap2 package ( https://adldap2.github.io/Adldap2/#/ ) and to be more accurate laravel version ( https://github.com/Adldap2/Adldap2-Laravel ) and having some issues with add/update some创建后的属性。
To be more specific, I will try to do this更具体地说,我会尝试这样做
Create user创建用户
$user = Adldap::make()->user([
'cn' => 'Vlad Test7',
'samaccountname' => 'vlad_test7',
'Company' => 'Company Name',
'givenname' => 'Vlad',
]);
$user->objectclass = [
'top',
'person',
'inetOrgPerson',
];
$user->save();
This will work.这将起作用。 But after if I will try to set another attribute like department, doing it as below但是之后如果我尝试设置另一个属性,如部门,如下所示
$user->setAttribute('Department', 'Information Systems');
$user->save();
I will get this error message我会收到此错误消息
ErrorException: ldap_modify_batch(): Batch Modify: Insufficient access at PATH_TO_PROJECT_ROOT\vendor\adldap2\adldap2\src\Connections\Ldap.php:386
I asked system admin about provided accounts permissions, and he told me that I have full access within OU for test user, that they have been created for me.我向系统管理员询问了提供的帐户权限,他告诉我,我在 OU 中拥有测试用户的完全访问权限,他们是为我创建的。
I suppose, that possibly can be something wrong with my config files, I have there as admin told me.我想,我的配置文件可能有问题,正如管理员告诉我的那样。
Here how config file (ldap.php) looks like这里配置文件(ldap.php)的样子
'hosts' => explode(' ', env('LDAP_HOSTS', 'corp-dc1.corp.acme.org corp-dc2.corp.acme.org')),
'port' => env('LDAP_PORT', 389),
'timeout' => env('LDAP_TIMEOUT', 5),
'base_dn' => env('LDAP_BASE_DN', 'dc=corp,dc=acme,dc=org'),
'username' => env('LDAP_USERNAME', 'username'),
'password' => env('LDAP_PASSWORD', 'secret'),
Based on my search result, possibly error message on update can be related with dn (distinguished name), as I have something like that as base_dn根据我的搜索结果,更新时可能出现的错误消息可能与 dn(专有名称)有关,因为我有类似 base_dn 的内容
base_dn=OU=TEST USER,OU=xxxxxx1,OU=xxxxxx2,OU=xxxxxx3,OU=xxxxxx3,DC=domain,DC=local
and when I'm creating a user, for new created user I'm getting new generated dn which is like below当我创建用户时,对于新创建的用户,我得到新生成的 dn,如下所示
dn=CN=Vlad Test7,OU=TEST USER,OU=xxxxxx1,OU=xxxxxx2,OU=xxxxxx3,OU=xxxxxx3,DC=domain,DC=local
not sure, is this correct or not?不确定,这是否正确? Thinking also about possibility, that I can't perform operations using generated distinguished names,when I'm creating a new record, at least impression is that I have added CN=Vlad Test7 to base_dn, which is causing the error.还考虑到可能性,即我无法使用生成的专有名称执行操作,当我创建新记录时,至少印象是我已将CN=Vlad Test7添加到 base_dn,这导致了错误。
Any suggestions or thoughts about this issue?关于这个问题有什么建议或想法吗? Thanks谢谢
1 个解决方案
解决方案1
0 已采纳 2020-06-26 12:17:32
Answer is simple, it was a permission issue of the AD user, which I'm using here, as error message describes, insufficient access, so nothing related with coding here.答案很简单,这是我在这里使用的 AD 用户的权限问题,如错误消息所述,访问权限不足,因此与此处的编码无关。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.