Edit report at http://bugs.php.net/bug.php?id=45477&edit=1
ID: 45477 Updated by: [email protected] Reported by: alexis dot robert at gmail dot com Summary: ldap_mod_del() fails to remove attribute -Status: Open +Status: Feedback Type: Bug Package: LDAP related Operating System: * PHP Version: 5.2.6 New Comment: What's wrong with http://php.net/ldap_mod_replace ? Previous Comments: ------------------------------------------------------------------------ [2010-04-25 15:58:25] alexis dot robert at gmail dot com Is it solved in the main tree ? Else, can somebody can review my patch and tell me how it is ? I know it's a bit old (and maybe it needs a resync) but I had a lot of work to do this past two years for my classes. Thanks in advance :) Alexis ------------------------------------------------------------------------ [2008-08-19 11:51:34] alexis dot robert at gmail dot com I've done a patch which fixes the bug. It creates a ldap_mod_deleteadd function which delete an attribute and adding it in the same LDAP request. Some parts of the code is imported from pam_ldap. This bug also appears with MS Active Directory (when you bind without admin rights). The syntax is pretty obvious (but not very clean asap, i wanted to know if you like it before making it as pretty as ldap_mod_replace) : ldap_mod_deleteadd(resource link, string dn, string attr, string old, string new[, boolean binary = false]) The boolean binary attribute is here for AD which uses an unicode encoded password (and so needs LDAP_MOD_BVALUES). Currently waiting for your insults :) Alexis (The patch is at : http://alexis.robertlan.eu.org/tmp/001-ldap_php-add-mod_deleteadd.diff - created by cvs diff) ------------------------------------------------------------------------ [2008-07-18 11:56:50] alexis dot robert at gmail dot com OK. I've done a *lot* of researchs (trying to make TLS/SSL work, and some other fun things -- I hate certificates) and I discovered by analysing with tcpdump/wireshark that the current Java program make the delete+add orders in the same request, when my PHP software makes it in two different requests. So, NDS refuses to let the users have no userPassword attribute for a short period of time : that is the reason of the "Server unwilling to perform". As I don't think we can queue the requests in a FIFO-like stack in php_ldap's API, is it possible to send a LDIF using php_ldap ? That sounds to be a great solution. Thanks a lot Alexis ------------------------------------------------------------------------ [2008-07-11 15:59:51] alexis dot robert at gmail dot com I don't have any access to the LDAP server. I'll try to request them on Tuesday (if I had them, it would be the first thing I would check). ------------------------------------------------------------------------ [2008-07-11 15:17:02] [email protected] Works -> Bogus. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/bug.php?id=45477 -- Edit this bug report at http://bugs.php.net/bug.php?id=45477&edit=1
