Might also try using TLS.  In some configurations the LDAP server won't let you modify records unless you meet a minimum security requirement and sometimes this means encrypting the session.  Try this:

<?php
$ldap = ldap_connect("localhost");

  if(!(ldap_start_tls($ldap)))
  {
    $e=ldap_error($ldap);
    trigger_error("Error attempting to start TLS: $e", E_USER_WARNING);
  }

ldap_set_option($ldap,LDAP_OPT_PROTOCOL_VERSION, 3);

...

?>

The above will fall back to unencrypted if TLS fails.  Add an 'exit(1);' or some such if you'd rather have it abort.

And, as mentioned, you should be using a complete DN for your username, something like "cn=root,dc=mydomain,dc=tld".

The PHP-LDAP libraries are not the greatest (the ldap_start_tls function has no documentation BTW) but it mostly works well enough.

hope that helps,

-james
 

On Mar 10, 2009, at 2:05 AM, Catalin wrote:

Hello!
 
I’m trying to write a php script in order to manage my LDAP Directory easier. Everything works fine when I’m adding new entries and when I’m modifying an attribute.
When it comes to delete an entry from my directory or to remove an attribute, I get error no. 8 which means
“PHP Warning:  ldap_delete() [<a href='function.ldap-delete'>function.ldap-delete</a>]: Delete: Strong(er) authentication required in /var/www/html/admin.mydomain.tld/responsabil/sterge.php on line 34, referer: http://admin.mydomain.tld/responsabil/index.php?nav=del
[Tue Mar 10 07:15:03 2009] [error] [client 172.17.26.57] PHP Warning:  ldap_mod_del() [<a href='function.ldap-mod-del'>function.ldap-mod-del</a>]: Modify: Strong(er) authentication required in /var/www/html/admin. mydomain.tld /responsabil/sterge.php on line 37, referer: http://admin. mydomain.tld /responsabil/index.php?nav=del”
 
Here is how I’m trying to do these:
<?php
$ldap = ldap_connect("localhost");
 ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
 $r = @ldap_bind($ldap, "root","password");
$arrayCN=array("cn=",$login,",ou=people,dc=mydomain,dc=tld");
$CN=implode($arrayCN);
$arraygroup=array("cn=",$row_verifica[5],",ou=departments,dc=mydomain,dc=tld");
$group=implode($arraygroup);
$entry["member"]=$CN;
$stergere=ldap_delete($ldap,$CN);
$modificare=ldap_mod_del($ldap,$group,$entry);
$closing=ldap_close($ldap);
 
?>
 
I think it has something to do with LDAP settings.
I’m using default settings for LDAP , I’ve only included a supplemental schema to fit it for my needs.
I’ve generated a {SSHA} password for root.
If needed, I can send all these files.
Can anyone help?
Any suggestion would be greatly appreciated.
 
Thanks in advance!
Best regards!
Catalin
 
 


__________ Information from ESET NOD32 Antivirus, version of virus signature database 3922 (20090309) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com