ID: 45477 User updated by: alexis dot robert at gmail dot com Reported By: alexis dot robert at gmail dot com Status: Bogus Bug Type: LDAP related Operating System: * PHP Version: 5.2.6 New Comment:
I've done a patch which fixes the bug. It creates a ldap_mod_deleteadd function which delete an attribute and adding it in the same LDAP request. Some parts of the code is imported from pam_ldap. This bug also appears with MS Active Directory (when you bind without admin rights). The syntax is pretty obvious (but not very clean asap, i wanted to know if you like it before making it as pretty as ldap_mod_replace) : ldap_mod_deleteadd(resource link, string dn, string attr, string old, string new[, boolean binary = false]) The boolean binary attribute is here for AD which uses an unicode encoded password (and so needs LDAP_MOD_BVALUES). Currently waiting for your insults :) Alexis (The patch is at : http://alexis.robertlan.eu.org/tmp/001-ldap_php-add-mod_deleteadd.diff - created by cvs diff) Previous Comments: ------------------------------------------------------------------------ [2008-07-18 11:56:50] alexis dot robert at gmail dot com OK. I've done a *lot* of researchs (trying to make TLS/SSL work, and some other fun things -- I hate certificates) and I discovered by analysing with tcpdump/wireshark that the current Java program make the delete+add orders in the same request, when my PHP software makes it in two different requests. So, NDS refuses to let the users have no userPassword attribute for a short period of time : that is the reason of the "Server unwilling to perform". As I don't think we can queue the requests in a FIFO-like stack in php_ldap's API, is it possible to send a LDIF using php_ldap ? That sounds to be a great solution. Thanks a lot Alexis ------------------------------------------------------------------------ [2008-07-11 15:59:51] alexis dot robert at gmail dot com I don't have any access to the LDAP server. I'll try to request them on Tuesday (if I had them, it would be the first thing I would check). ------------------------------------------------------------------------ [2008-07-11 15:17:02] [EMAIL PROTECTED] Works -> Bogus. ------------------------------------------------------------------------ [2008-07-11 15:16:34] [EMAIL PROTECTED] Well, should you then check in the server logs WHY it doesn't want to perform? ------------------------------------------------------------------------ [2008-07-11 15:16:29] alexis dot robert at gmail dot com Hmmm ... you are right. Sorry, it works like this. I thought I have tested this case. Now I have a LDAP issue :) Apologies. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/45477 -- Edit this bug report at http://bugs.php.net/?id=45477&edit=1