Hello!
I'm trying to write a PHP script in order to manage my LDAP directory more easily. Everything works fine when I'm adding new entries and when I'm modifying an attribute.
When it comes to deleting an entry from my directory or removing an attribute, I get error no. 8, which means
"PHP Warning: ldap_delete() [<a href='function.ldap-delete'>function.ldap-delete</a>]: Delete: Strong(er) authentication required in /var/www/html/admin.mydomain.tld/responsabil/sterge.php on line 34, referer: http://admin.mydomain.tld/responsabil/index.php?nav=del
[Tue Mar 10 07:15:03 2009] [error] [client 172.17.26.57] PHP Warning: ldap_mod_del() [<a href='function.ldap-mod-del'>function.ldap-mod-del</a>]: Modify: Strong(er) authentication required in /var/www/html/admin. mydomain.tld /responsabil/sterge.php on line 37, referer: http://admin. mydomain.tld /responsabil/index.php?nav=del"
Here is how I'm trying to do these:
<?php
$ldap = ldap_connect("localhost");
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
$r = @ldap_bind($ldap, "root","password");
$arrayCN=array("cn=",$login,",ou=people,dc=mydomain,dc=tld");
$CN=implode($arrayCN);
$arraygroup=array("cn=",$row_verifica[5],",ou=departments,dc=mydomain,dc=tld");
$group=implode($arraygroup);
$entry["member"]=$CN;
$stergere=ldap_delete($ldap,$CN);
$modificare=ldap_mod_del($ldap,$group,$entry);
$closing=ldap_close($ldap);
?>
I think it has something to do with LDAP settings.
I'm using default settings for LDAP, I've only included a supplemental schema to fit it for my needs.
I've generated a {SSHA} password for root.
If needed, I can send all these files.
Can anyone help?
Any suggestion would be greatly appreciated.
Thanks in advance!
Best regards!
Catalin
Catalin wrote:
“PHP Warning: ldap_delete() [<a href='function.ldap-delete'>function.ldap-delete</a>]: Delete: Strong(er) authentication required in
Your PHP app is not correctly bound to the LDAP service.
$r = @ldap_bind($ldap, "root","password");
^^^^^^
I don't know PHP-LDAP but shouldn't this be a bind-DN? A simple bind has nothing to do with Unix user accounts such as "root".
Ciao, Michael.
Michael Ströder wrote:
Catalin wrote:
“PHP Warning: ldap_delete() [<a href='function.ldap-delete'>function.ldap-delete</a>]: Delete: Strong(er) authentication required in
Your PHP app is not correctly bound to the LDAP service.
$r = @ldap_bind($ldap, "root","password");
^^^^^^
I don't know PHP-LDAP but shouldn't this be a bind-DN? A simple bind has nothing to do with Unix user accounts such as "root".
Ciao, Michael.
Correct, you need to specify a bind DN, i.e. "cn=master,dc=mydomain,dc=com". In PHP, ldap_bind will bind you anonymously when binding with user/password fails.
Might also try using TLS. In some configurations the LDAP server won't let you modify records unless you meet a minimum security requirement and sometimes this means encrypting the session. Try this:
<?php
$ldap = ldap_connect("localhost");
// StartTLS is an LDAPv3 operation, so select protocol version 3 before calling it.
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
if (!ldap_start_tls($ldap)) {
    $e = ldap_error($ldap);
    trigger_error("Error attempting to start TLS: $e", E_USER_WARNING);
}
...
?>
The above will fall back to unencrypted if TLS fails. Add an 'exit (1);' or some such if you'd rather have it abort.
And, as mentioned, you should be using a complete DN for your username, something like "cn=root,dc=mydomain,dc=tld".
The PHP-LDAP libraries are not the greatest (the ldap_start_tls function has no documentation BTW) but it mostly works well enough.
hope that helps,
-james
On Mar 10, 2009, at 2:05 AM, Catalin wrote:
Hello!
I’m trying to write a PHP script in order to manage my LDAP directory more easily. Everything works fine when I’m adding new entries and when I’m modifying an attribute. When it comes to deleting an entry from my directory or removing an attribute, I get error no. 8, which means
“PHP Warning: ldap_delete() [<a href='function.ldap-delete'>function.ldap-delete</a>]: Delete: Strong(er) authentication required in /var/www/html/admin.mydomain.tld/responsabil/sterge.php on line 34, referer: http://admin.mydomain.tld/responsabil/index.php?nav=del
[Tue Mar 10 07:15:03 2009] [error] [client 172.17.26.57] PHP Warning: ldap_mod_del() [<a href='function.ldap-mod-del'>function.ldap-mod-del</a>]: Modify: Strong(er) authentication required in /var/www/html/admin. mydomain.tld /responsabil/sterge.php on line 37, referer: http://admin. mydomain.tld /responsabil/index.php?nav=del”
Here is how I’m trying to do these:
<?php
$ldap = ldap_connect("localhost");
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
$r = @ldap_bind($ldap, "root","password");
$arrayCN=array("cn=",$login,",ou=people,dc=mydomain,dc=tld");
$CN=implode($arrayCN);
$arraygroup=array("cn=",$row_verifica[5],",ou=departments,dc=mydomain,dc=tld");
$group=implode($arraygroup);
$entry["member"]=$CN;
$stergere=ldap_delete($ldap,$CN);
$modificare=ldap_mod_del($ldap,$group,$entry);
$closing=ldap_close($ldap);
?>
I think it has something to do with LDAP settings. I’m using default settings for LDAP, I’ve only included a supplemental schema to fit it for my needs. I’ve generated a {SSHA} password for root. If needed, I can send all these files. Can anyone help? Any suggestion would be greatly appreciated.
Thanks in advance! Best regards! Catalin
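The advice from the replies above combined into one script, as an added example that is not code from any of the posters: it binds with a full DN, checks the bind result instead of suppressing it with "@", and aborts when StartTLS fails. The bind DN and tree layout are taken from the thread; the LDAP_ADMIN_PW environment variable, the function names and the sample login and department are assumptions.

```php
<?php
// Added example, not code from the thread. DNs follow the thread's layout;
// LDAP_ADMIN_PW, the function names and the sample values are assumptions.
function ldap_admin_connect(string $host, string $bindDn, string $password)
{
    if ($password === "") {
        // An empty password turns a simple bind into an unauthenticated bind.
        throw new RuntimeException("Refusing to bind with an empty password");
    }
    $ldap = ldap_connect($host);
    if ($ldap === false) {
        throw new RuntimeException("Invalid LDAP host: $host");
    }
    // StartTLS is an LDAPv3 operation, so select version 3 before calling it.
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    if (!ldap_start_tls($ldap)) {
        // Abort instead of sending the password over a cleartext session.
        throw new RuntimeException("StartTLS failed: " . ldap_error($ldap));
    }
    // No "@" and no ignored return value: a failed bind must stop the script.
    if (!ldap_bind($ldap, $bindDn, $password)) {
        throw new RuntimeException("Bind as $bindDn failed: " . ldap_error($ldap));
    }
    return $ldap;
}

function remove_person($ldap, string $login, string $department): void
{
    // Escape user-supplied values before placing them inside a DN.
    $personDn = "cn=" . ldap_escape($login, "", LDAP_ESCAPE_DN) . ",ou=people,dc=mydomain,dc=tld";
    $groupDn = "cn=" . ldap_escape($department, "", LDAP_ESCAPE_DN) . ",ou=departments,dc=mydomain,dc=tld";
    // Remove the membership first so a failure leaves no dangling member value.
    if (!ldap_mod_del($ldap, $groupDn, ["member" => $personDn])) {
        throw new RuntimeException("Modify $groupDn failed: " . ldap_error($ldap));
    }
    if (!ldap_delete($ldap, $personDn)) {
        throw new RuntimeException("Delete $personDn failed: " . ldap_error($ldap));
    }
}

try {
    $ldap = ldap_admin_connect("localhost", "cn=root,dc=mydomain,dc=tld", (string) getenv("LDAP_ADMIN_PW"));
    remove_person($ldap, "jdoe", "sales"); // constructed sample values
    ldap_unbind($ldap);
} catch (RuntimeException $e) {
    error_log($e->getMessage());
    exit(1);
}
```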