#45477 [Bgs]: ldap_mod_del() fails to remove attribute
ID: 45477 User updated by: alexis dot robert at gmail dot com Reported By: alexis dot robert at gmail dot com Status: Bogus Bug Type: LDAP related Operating System: * PHP Version: 5.2.6 New Comment: I've done a patch which fixes the bug. It creates a ldap_mod_deleteadd function which delete an attribute and adding it in the same LDAP request. Some parts of the code is imported from pam_ldap. This bug also appears with MS Active Directory (when you bind without admin rights). The syntax is pretty obvious (but not very clean asap, i wanted to know if you like it before making it as pretty as ldap_mod_replace) : ldap_mod_deleteadd(resource link, string dn, string attr, string old, string new[, boolean binary = false]) The boolean binary attribute is here for AD which uses an unicode encoded password (and so needs LDAP_MOD_BVALUES). Currently waiting for your insults :) Alexis (The patch is at : http://alexis.robertlan.eu.org/tmp/001-ldap_php-add-mod_deleteadd.diff - created by cvs diff) Previous Comments: [2008-07-18 11:56:50] alexis dot robert at gmail dot com OK. I've done a *lot* of researchs (trying to make TLS/SSL work, and some other fun things -- I hate certificates) and I discovered by analysing with tcpdump/wireshark that the current Java program make the delete+add orders in the same request, when my PHP software makes it in two different requests. So, NDS refuses to let the users have no userPassword attribute for a short period of time : that is the reason of the Server unwilling to perform. As I don't think we can queue the requests in a FIFO-like stack in php_ldap's API, is it possible to send a LDIF using php_ldap ? That sounds to be a great solution. Thanks a lot Alexis [2008-07-11 15:59:51] alexis dot robert at gmail dot com I don't have any access to the LDAP server. I'll try to request them on Tuesday (if I had them, it would be the first thing I would check). [2008-07-11 15:17:02] [EMAIL PROTECTED] Works - Bogus. [2008-07-11 15:16:34] [EMAIL PROTECTED] Well, should you then check in the server logs WHY it doesn't want to perform? [2008-07-11 15:16:29] alexis dot robert at gmail dot com Hmmm ... you are right. Sorry, it works like this. I thought I have tested this case. Now I have a LDAP issue :) Apologies. The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/45477 -- Edit this bug report at http://bugs.php.net/?id=45477edit=1
#45477 [Bgs]: ldap_mod_del() fails to remove attribute
ID: 45477 User updated by: alexis dot robert at gmail dot com Reported By: alexis dot robert at gmail dot com Status: Bogus Bug Type: LDAP related Operating System: * PHP Version: 5.2.6 New Comment: OK. I've done a *lot* of researchs (trying to make TLS/SSL work, and some other fun things -- I hate certificates) and I discovered by analysing with tcpdump/wireshark that the current Java program make the delete+add orders in the same request, when my PHP software makes it in two different requests. So, NDS refuses to let the users have no userPassword attribute for a short period of time : that is the reason of the Server unwilling to perform. As I don't think we can queue the requests in a FIFO-like stack in php_ldap's API, is it possible to send a LDIF using php_ldap ? That sounds to be a great solution. Thanks a lot Alexis Previous Comments: [2008-07-11 15:59:51] alexis dot robert at gmail dot com I don't have any access to the LDAP server. I'll try to request them on Tuesday (if I had them, it would be the first thing I would check). [2008-07-11 15:17:02] [EMAIL PROTECTED] Works - Bogus. [2008-07-11 15:16:34] [EMAIL PROTECTED] Well, should you then check in the server logs WHY it doesn't want to perform? [2008-07-11 15:16:29] alexis dot robert at gmail dot com Hmmm ... you are right. Sorry, it works like this. I thought I have tested this case. Now I have a LDAP issue :) Apologies. [2008-07-11 15:15:24] alexis dot robert at gmail dot com It says : REMOVE : Warning: ldap_mod_del() [function.ldap-mod-del]: Modify: Server is unwilling to perform in C:\wamp\www\bug.php on line 11 The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/45477 -- Edit this bug report at http://bugs.php.net/?id=45477edit=1
#45477 [Bgs]: ldap_mod_del() fails to remove attribute
ID: 45477 User updated by: alexis dot robert at gmail dot com Reported By: alexis dot robert at gmail dot com Status: Bogus Bug Type: LDAP related Operating System: * PHP Version: 5.2.6 New Comment: I don't have any access to the LDAP server. I'll try to request them on Tuesday (if I had them, it would be the first thing I would check). Previous Comments: [2008-07-11 15:17:02] [EMAIL PROTECTED] Works - Bogus. [2008-07-11 15:16:34] [EMAIL PROTECTED] Well, should you then check in the server logs WHY it doesn't want to perform? [2008-07-11 15:16:29] alexis dot robert at gmail dot com Hmmm ... you are right. Sorry, it works like this. I thought I have tested this case. Now I have a LDAP issue :) Apologies. [2008-07-11 15:15:24] alexis dot robert at gmail dot com It says : REMOVE : Warning: ldap_mod_del() [function.ldap-mod-del]: Modify: Server is unwilling to perform in C:\wamp\www\bug.php on line 11 [2008-07-11 15:01:04] [EMAIL PROTECTED] Have you tried this: ldap_mod_del($cnx,$dn,array('userPassword' = array())); The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/45477 -- Edit this bug report at http://bugs.php.net/?id=45477edit=1