
Warning: ldap_add(): Add: Object class violation


Over the past few days I've been trying to learn more about ldap, and I would now like to be able to create a new account on my phpldapadmin server from a webform. I have the values being passed back through php correctly, but I keep getting an objectclass violation error. I've scoured many different resources (including this one) and basically all that I can find is that the objectclass needs to match exactly how the dictionary is setup. I ran an export for some of the manually created users I already have working in there successfully, and this is an example of the output:

# LDIF Export for cn=api user,cn=students,ou=users,dc=myhost,dc=com
# Server: LDAP (ip)
# Search Scope: sub
# Search Filter: (objectClass=*)
# Total Entries: 1
#
# Generated by phpLDAPadmin (http://phpldapadmin.sourceforge.net) on June 4, 2016 3:15 pm
# Version: 1.2.2

version: 1

# Entry 1: cn=api user,cn=students,ou=users,dc=myhost,dc=co...
dn: cn=test user,cn=students,ou=users,dc=myhost,dc=com
cn: test
gidnumber: 502
givenname: test
homedirectory: /home/users/testuser
loginshell: /bin/sh
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
sn: tuser
uid: testuser
uidnumber: 1003
userpassword: {MD5}pass==

and I have tried mimicking it as closely as possible in my script (below), but I am still getting the violation error. No problems connecting or with any of the other fields, only the objectclass problem.

    $ds = ldap_connect($AD_server);
    if ($ds) {
        // LDAPv3 is required by most current directory servers
        ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
        $r = ldap_bind($ds, $AD_Auth_User, $AD_Auth_PWD);

        // attributes of the new entry
        $info["cn"] = $user_full_name;
        $info["sn"] = $user_username;
        $info['objectclass'][0] = "top";
        $info['objectclass'][1] = "posixAccount";
        $info['objectclass'][2] = "inetOrgPerson";
        $info['uid'] = $user_username;
        $info['userpassword'] = $newPassw;
        $info['loginshell'] = '/bin/sh';
        $info['homedirectory'] = "/home/users/$user_username";

        // add data to directory
        $r = ldap_add($ds, $dn, $info);

        ldap_close($ds);
    } else {
        echo "Unable to connect to LDAP server";
    }

I've played around with the objectclasses and tried switching their positions or using only inetOrgPerson, and still no luck. Any thoughts?


Solution

  • It looks like you need to make sure to pass every value back through. I was missing the uidnumber, givenname and gidnumber fields. But now it works! :)
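As an added example (not the asker's script or the answer's code), a pre-flight check that lists the MUST attributes of each objectClass and refuses to call ldap_add() until all of them are present, so a missing uidNumber or gidNumber is reported by name instead of as a bare "Object class violation". The MUST lists are taken from RFC 2307 (posixAccount) and RFC 2798/RFC 4519 (inetOrgPerson inherits person's MUST); the `$mustByClass` table, `missingMustAttributes()` and `addEntryChecked()` are assumptions of this example, and the sample `$info` array is constructed to mirror the question.

```php
<?php
// MUST attributes per objectClass (keys lower-cased; LDAP names are case-insensitive).
// givenName is MAY in inetOrgPerson, so it is deliberately not listed here.
$mustByClass = [
    'top'           => ['objectclass'],
    'person'        => ['sn', 'cn'],
    'inetorgperson' => ['sn', 'cn'],          // inherited from person
    'posixaccount'  => ['cn', 'uid', 'uidnumber', 'gidnumber', 'homedirectory'],
];

// Return the MUST attributes of $entry's objectClasses that are absent or empty.
function missingMustAttributes(array $entry, array $mustByClass): array {
    $present = array_change_key_case($entry, CASE_LOWER);
    $missing = [];
    foreach ((array) ($present['objectclass'] ?? []) as $class) {
        foreach ($mustByClass[strtolower($class)] ?? [] as $attr) {
            $value = $present[$attr] ?? null;
            if ($value === null || $value === '' || $value === []) {
                $missing[$attr] = true;       // keyed to de-duplicate across classes
            }
        }
    }
    return array_keys($missing);
}

// Only touch the directory once the entry is complete; $ds is a bound
// ldap_connect() handle and $dn the entry DN, as in the question.
function addEntryChecked($ds, string $dn, array $entry, array $mustByClass): bool {
    $missing = missingMustAttributes($entry, $mustByClass);
    if ($missing !== []) {
        fwrite(STDERR, "$dn: missing required attributes: " . implode(', ', $missing) . PHP_EOL);
        return false;
    }
    if (!ldap_add($ds, $dn, $entry)) {
        fwrite(STDERR, "$dn: ldap_add failed: " . ldap_error($ds) . PHP_EOL);
        return false;
    }
    return true;
}

// Constructed sample shaped like the question's $info, before the fix was applied.
$info = [
    'cn'            => 'test',
    'sn'            => 'tuser',
    'objectclass'   => ['top', 'posixAccount', 'inetOrgPerson'],
    'uid'           => 'testuser',
    'loginshell'    => '/bin/sh',
    'homedirectory' => '/home/users/testuser',
];
// Prints: uidnumber, gidnumber
echo implode(', ', missingMustAttributes($info, $mustByClass)), PHP_EOL;
// With a live connection: addEntryChecked($ds, $dn, $info, $mustByClass);
```

Once uidnumber and gidnumber are added to `$info`, the check returns an empty list and the add proceeds; the ldap_error() text is still printed if the server rejects the entry for another reason.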