Reputation: 4635
How do I set a LDAP Attribute to NULL
I am using the PHP LDAP library to access Microsofts Active Directory and I am looking for a clean way to empty single value attributes.
I am using ldap_modify (http://php.net/manual/de/function.ldap-modify.php) to update active directory contacts. Unfortunately, I receive a syntax error from the ldap library when I try to write an empty string (''). This happens when I try to override a single value contacts attribute while I do not have a new one.
Is there a clean way to delete ldap attributes with single values? My only solution right now is to write ' ' (single space), but I feel like this could cause other problems.
Cleaning up multi value attributes is simple by the way. LDAP does allow inserting empty arrays (array()).
Thanks a lot for your support.
Upvotes: 3
Views: 3214
Answers (1)
Reputation: 4635
I found a good way to empty active directory attributes.
For both, multi value and single value attributes, submitting an empty array with ldap_modify does empty the attribute.
$entry = array();
$entry["member"] = array();
ldap_modify($link, $dn, $entry);
Why I was confused in the first place: it is not allowed however to submit an empty array via ldap_add(). I used the same mapping function for both ldap_modify and ldap_add operations and I got errors tryping to submit empty attributes via ldap_add. This is not allowed.
Nice to know: it is allowed to submit an empty array via ldap_modify even if this attribute has been empty or not even set yet.
Upvotes: 6
Related Questions
- PHP LDAP retrieve non default attribute/property "lockedOut"
- ldap_add(): Unknown attribute in the data
- PHP ldap connection always turns out true
- php bind ldap to active directory
- Modifying AD LDAP objects with samaccountname
- How do I delete one attribute in LDAP with LDIF?
- adding a LDAP attribute with PHP
- PHP LDAP Connection
- .Net code to set an Active Directory attribute to "not set"
- LDAP modify replace attribute with NULL value