Reputation: 1023
Modifying AD LDAP objects with samaccountname
I have a php script which works but I need to change it to use an AD account (samaccountname) instead of CN in this sample;
<?php
$base_dn="CN=Peter Parker,OU=Subcontainer,OU=Subcontainer,OU=Container,
DC=domain,DC=com";
$ldapconn = ldap_connect("host.domain.com") or die("Could not connect to LDAP server.");
if ($ldapconn)
{
$ldapbind = ldap_bind($ldapconn, $ldapusername, $ldappassword);
if ($ldapbind)
{
echo "LDAP bind successful ...";
}
else
{
echo "LDAP bind failed ...";
}
}
$newinfo['ipphone']="555";
ldap_modify($ldapconn,$base_dn,$newinfo);
?>
The intention is to modify the ipphone object for users in AD, but I can't use CN because this input is not unique enough for the task. If the CN in the account's base DN is the descriptive name of the user, am I out of luck?
Upvotes: 0
Views: 774
Answers (1)
Reputation: 40958
You have to give ldap_modify the distinguished name (DN) of the account you want to change. There is no way around that.
If you start out only knowing the sAMAccountName, then you can search the domain for the account first, then grab the distinguishedName attribute from the results.
To search, use ldap_search using the filter "(sAMAccountName=username)"
Upvotes: 1
Related Questions
- What are CN, OU, DC in an LDAP search?
- PHP Secure LDAP / LDAPS to Azure Active Directory via Microsoft Entra Domain Services
- I can't install python-ldap
- Can't bind in php against Active Directory LDAP over SSL?
- LDAP bind with Win Server 2008 R2 Standard AD fails
- FR3DLdapBundle - Authentication request failed
- Authenticate users against Azure Active Directory from PHP web application
- What are the differences between LDAP and Active Directory?
- Ldap how to get memberof
- LDAP_search PHP