Reputation: 580
I'm just starting out with LDAP and Windows Server 2012. I have managed to get my PHP code to bind to the Active Directory using an Administrator account, but I can't seem to create a new user using the ldap_add function.
I'm running Windows Server 2012 R2 and IIS 8. I have installed the certificate authority with an enterprise root certificate and I am able to connect to AD using ldp.exe with an SSL connection.
I have looked through Google as well as the 'possible duplicate threads' but none of them have provided me a working answer over the last couple of hours that I have been looking.
When I use the following PHP code:
<?php
$ldaprdn = 'netclass\Administrator';
$ldappass = 'password here';
$ldapconn = ldap_connect('ldap://server.netclass.co.uk')
    or die("Could not connect to LDAP server.");
if ($ldapconn) {
    // binding to ldap server
    $ldapbind = ldap_bind($ldapconn, $ldaprdn, $ldappass);
    // verify binding
    if ($ldapbind) {
        echo "LDAP bind successful...";
    } else {
        echo "LDAP bind failed...";
    }
    // prepare data
    $info["givenname"] = "Ronnie Brown";
    $info["samaccountname"] = "br01";
    $info["objectclass"] = "person";
    // add data to directory
    $r = ldap_add($ldapconn, "cn=Ronnie,dc=netclass,dc=co,dc=uk", $info); //Line 28
}
?>
I get the output:
LDAP bind successful...
Warning: ldap_add(): Add: Server is unwilling to perform in C:\inetpub\wwwroot\adduser.php on line 28
I have tried to enable SSL by changing:
$ldapconn = ldap_connect('ldap://server.netclass.co.uk')
to
$ldapconn = ldap_connect('ldaps://server.netclass.co.uk')
But I then get the following error:
Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server in C:\inetpub\wwwroot\adduser.php on line 12
LDAP bind failed...
Warning: ldap_add(): Add: Can't contact LDAP server in C:\inetpub\wwwroot\adduser.php on line 28
Upvotes: 6
Views: 13460
Reputation: 580
I managed to work out the answer today.
I added the following line into /etc/ldap/ldap.conf
TLS_REQCERT never
After this I was able to connect but was still getting the error message:
Server Unwilling to Perform
This was because I was trying to set the password in plain text like:
$ldaprecord["unicodepwd"] = 'MyPassword1234';
You need to encode it first, so once I changed my code to this it worked:
## Create Unicode password
## Assumes that given password is in UTF-8 encoding!
## Adjust it to the actual encoding of the password
$pwdtxt = "MyPassword1234";
$newPassword = '"' . $pwdtxt . '"';
$newPass = iconv( 'UTF-8', 'UTF-16LE', $newPassword );
$ldaprecord["unicodepwd"] = $newPass;
Hope this helps someone!
Upvotes: 6
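An added example, not the poster's code: it builds a user entry with a correctly encoded unicodePwd and, when a server is configured, verifies the domain controller's certificate against a CA file instead of turning verification off. The environment variable names, the CN=Users container and the attribute set are assumptions for illustration.

```php
<?php
// Added example. Env var names, the CA file and the target DN are assumptions.

// AD expects unicodePwd as the password wrapped in double quotes, in UTF-16LE,
// and only accepts it over an encrypted connection such as ldaps://.
function encodeUnicodePwd(string $utf8Password): string
{
    $encoded = iconv('UTF-8', 'UTF-16LE', '"' . $utf8Password . '"');
    if ($encoded === false) {
        throw new InvalidArgumentException('Password is not valid UTF-8.');
    }
    return $encoded;
}

function buildUserEntry(string $cn, string $sam, string $password): array
{
    return [
        'objectClass'        => ['top', 'person', 'organizationalPerson', 'user'],
        'cn'                 => $cn,
        'sAMAccountName'     => $sam,
        'unicodePwd'         => encodeUnicodePwd($password),
        'userAccountControl' => '512', // NORMAL_ACCOUNT, enabled
    ];
}

$uri = getenv('LDAPS_URI'); // e.g. ldaps://server.netclass.co.uk
if ($uri === false) {
    // No server configured: just show the bytes that would be sent.
    echo bin2hex(encodeUnicodePwd('MyPassword1234')), PHP_EOL;
    exit(0);
}
// Refuse to continue with empty credentials (an empty password is an anonymous bind).
foreach (['LDAP_CA_FILE', 'LDAP_BIND_DN', 'LDAP_BIND_PW', 'NEW_USER_PW'] as $name) {
    if (!getenv($name)) die("$name is not set." . PHP_EOL);
}
// TLS options are set globally (null link) before connecting.
ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, getenv('LDAP_CA_FILE'));
ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
$conn = ldap_connect($uri) or die('Invalid LDAP URI.' . PHP_EOL);
ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
if (!@ldap_bind($conn, getenv('LDAP_BIND_DN'), getenv('LDAP_BIND_PW'))) {
    die('Bind failed: ' . ldap_error($conn) . PHP_EOL);
}
$dn = 'CN=Ronnie Brown,CN=Users,DC=netclass,DC=co,DC=uk';
$entry = buildUserEntry('Ronnie Brown', 'br01', getenv('NEW_USER_PW'));
if (!@ldap_add($conn, $dn, $entry)) {
    die('Add failed: ' . ldap_error($conn) . PHP_EOL);
}
echo "Created $dn", PHP_EOL;
```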