I'm trying to receive user data from an Shibboleth/SAML IdP and pass it into an LDAP:
// Get data from IdP
$attributes = getUserFromIdP();
// Connect + bind (simplified)
$ldapconn = ldap_connect();
ldap_bind();
// Prepare data
$info['uid'] = $attributes['uid'][0];
$info['givenName'] = $attributes['givenName'][0];
$info['sn'] = $attributes['sn'][0];
$info['cn'] = $attributes['cn'][0];
$info['mail'] = $attributes['mail'][0];
$info['objectclass'][] = 'inetOrgPerson';
$info['objectclass'][] = 'eduPerson'; // problem here!
$dn = "cn=".$info['cn'].",dc=sub,dc=domain,dc=tld";
$r = ldap_add($ldapconn, $dn, $info);
It works fine if I only add inetOrgPerson
as objectclass
. But when I try to exclusively set eduPerson
or both at the same time, I get an Invalid syntax
error (error code 21).
It doesn't seem to be missing required attributes (that would throw a Object class violation
error). So what is the problem here and how can I solve it?
I found the answer: I need to import the eduPerson
schema first. (A more specific error message would've helped...)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.