Question

I'm building a Symfony2 app and I need to connect to my AD server to add a user when they register on the website. I use the ZendLdap class included in SF2. I also use FOSUserBundle to handle registration and login. The connection to the server works fine but I have this error when I try to add an entry:

0x10 (No such attribute; 00000057: LdapErr: DSID-0C090D87, comment: Error in attribute conversion operation, data 0, v2580): adding: cn=jordane,ou=CUBBYHOLE,dc=cubbyhole,dc=me

I've searched a lot to figure out why I can't add my user. I think all my attributes are OK and correctly spelled, but maybe I misconfigured something. Here is my class:

use Zend\Ldap\Attribute;
use Zend\Ldap\Exception\LdapException;
use Zend\Ldap\Ldap;

class LdapRegistrationController extends BaseController
{
    protected $ldapDriver;

    public function __construct()
    {
        $ldapOptions = array(
            'host' => 'cubbyhole.me',
            'port' => 389,
            'useStartTls' => false,
            'useSsl' => false,
            'username' => 'CUBBYHOLE\Administrateur',
            'accountCanonicalForm' => 3,
            'password' => 'mypassword',
            'accountDomainName' => 'cubbyhole.me',
            'accountDomainNameShort' => 'CUBBYHOLE',
            'baseDn' => 'CN=Users, dc=cubbyhole, dc=me',
            'accountFilterFormat' => '(&(objectClass=Top:person;organizationalPerson;user))'
        );

        // connection
        try
        {
            $this->ldapDriver = new Ldap($ldapOptions);
            $this->ldapDriver->bind();
        }
        catch(\Exception $e) // leading backslash: the class lives in a namespace
        {
            // Zend\Ldap\Exception\LdapException takes the Ldap instance first, then the message
            throw new LdapException($this->ldapDriver, "Error connecting to LDAP. Exception message: ".$e->getMessage());
        }
    }

    /**
     * @param User $user
     * @throws \Zend\Ldap\Exception\LdapException
     */
    public function addUserInLdap(User $user=null)
    {
        if($user != null)
        {
            // add in ldap
            $entry = array();
            Attribute::setAttribute($entry, 'cn', $user->getUsername());
            Attribute::setAttribute($entry, 'sn', $user->getUsername());
            Attribute::setAttribute($entry, 'givenName', $user->getUsername());
            Attribute::setAttribute($entry, 'displayName', $user->getUsername());
            Attribute::setAttribute($entry, 'userPrincipalName', $user->getUsername());
            Attribute::setAttribute($entry, 'distinguishedName', $user->getUsername());
            $objectClass = array('top:person', 'organizationalPerson', 'user');
            Attribute::setAttribute($entry, 'objectClass', $objectClass);
            Attribute::setAttribute($entry, 'objectCategory', 'person');
            Attribute::setAttribute($entry, 'mail', $user->getEmailCanonical());
            Attribute::setAttribute($entry, 'userAccountControl', 66048);
            Attribute::setPassword($entry, $user->getPlainPassword(), Attribute::PASSWORD_HASH_SHA);
            try
            {
                $this->ldapDriver->add('cn='.$user->getUsername().',ou=CUBBYHOLE,dc=cubbyhole,dc=me', $entry);
            }
            catch(\Exception $e)
            {
                throw new LdapException($this->ldapDriver, "LDAP Error. Exception message: ".$e->getMessage());
            }
        }
        else
            throw new LdapException($this->ldapDriver, "Object user is null");
    }
}

Does anyone have an idea of what could be wrong? Thanks :)


Solution

I think the issue is in the format you have for the distinguishedName and userPrincipalName attributes. The user principal name should be in a format like username@domain.local, while the distinguished name is essentially the LDAP path to the object, such as cn=someUser,ou=someOU,dc=domain,dc=local.

Attribute::setAttribute($entry, 'userPrincipalName', $user->getUsername() . '@cubbyhole.me');
Attribute::setAttribute($entry, 'distinguishedName', 'cn=' . $user->getUsername() . ',ou=CUBBYHOLE,dc=cubbyhole,dc=me');

OTHER TIPS

OK, so thanks to ChadSikorra's help I finally managed it. Now everything works fine and I have an entity created in my AD with an activated user account and a password that never expires. The problem was with the type of entity I was trying to match: in AD a user is called an inetOrgPerson, so it couldn't work. Here is the final code for those who may encounter the same problem. Have a nice day!

public function addUserInLdap(User $user=null)
{
    if($user != null)
    {
        // add in AD
        $entry = array();
        Attribute::setAttribute($entry, 'cn', $user->getUsername());
        Attribute::setAttribute($entry, 'sn', $user->getUsername());
        Attribute::setAttribute($entry, 'userPrincipalName', $user->getEmailCanonical());
        Attribute::setAttribute($entry, 'samAccountName', $user->getUsername());
        Attribute::setAttribute($entry, 'objectClass', 'inetOrgPerson');
        Attribute::setAttribute($entry, 'mail', $user->getEmailCanonical());
        // activated account with non-expire password
        // 66080 = 0x200 NORMAL_ACCOUNT | 0x10000 DONT_EXPIRE_PASSWD | 0x20 PASSWD_NOTREQD
        Attribute::setAttribute($entry, 'userAccountControl', 66080);
        Attribute::setPassword($entry, $user->getPlainPassword(), Attribute::PASSWORD_HASH_SHA);
        try
        {
            $this->ldapDriver->add('cn='.$user->getUsername().',ou=CUBBYHOLE,dc=cubbyhole,dc=me', $entry);
        }
        catch(\Exception $e) // leading backslash: the class lives in a namespace
        {
            // Zend\Ldap\Exception\LdapException takes the Ldap instance first, then the message
            throw new LdapException($this->ldapDriver, "Error inserting in LDAP. Exception message: ".$e->getMessage());
        }
    }
    else
        throw new LdapException($this->ldapDriver, "Can't add user in LDAP. User is null");
}
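The following is an added example, not the poster's code and not taken from Zend or FOSUserBundle, that puts together what the two answers above describe (UPN as user@domain, DN as the object's LDAP path, sAMAccountName, userAccountControl) and goes a step further on the points a practitioner would want checked before wiring this to a public registration form: the username is validated and RFC 4514-escaped before it is spliced into the DN, the password is written as AD's unicodePwd over StartTLS instead of a SHA-hashed userPassword, and the userAccountControl value is built from named flags so that PASSWD_NOTREQD is not set by accident. It assumes zendframework/zend-ldap installed through Composer, PHP 7.1 or later, and the host, domain, OU, bind account and the AD_BIND_PASSWORD environment variable are placeholders chosen for the example.

```php
<?php
// Added example (not the original poster's code): create an AD user with
// Zend\Ldap, escaping user-controlled values before they reach the DN or a
// filter, setting the password as unicodePwd over StartTLS, and building
// userAccountControl from named flags instead of a magic number.
// Assumptions: zendframework/zend-ldap is installed via Composer; the host,
// domain, OU, bind account and AD_BIND_PASSWORD variable are placeholders.
require __DIR__ . '/vendor/autoload.php';

use Zend\Ldap\Attribute;
use Zend\Ldap\Dn;
use Zend\Ldap\Exception\LdapException;
use Zend\Ldap\Filter;
use Zend\Ldap\Ldap;

// userAccountControl bits (documented in MS-ADTS / Microsoft KB 305144).
const UAC_ACCOUNTDISABLE     = 0x0002;
const UAC_PASSWD_NOTREQD     = 0x0020;
const UAC_NORMAL_ACCOUNT     = 0x0200;
const UAC_DONT_EXPIRE_PASSWD = 0x10000;

/**
 * Build the DN and attribute set for a new AD user. Pure function, so it can be
 * unit-tested without a directory. Throws on input that must never reach LDAP.
 */
function buildAdUserEntry(string $username, string $email, string $plainPassword,
                          string $domain, string $usersOuDn): array
{
    // sAMAccountName: at most 20 characters and none of the characters AD rejects.
    if (!preg_match('/^[A-Za-z0-9._-]{1,20}$/', $username)) {
        throw new \InvalidArgumentException('Invalid username for sAMAccountName');
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new \InvalidArgumentException('Invalid e-mail address');
    }

    // The RDN value is escaped per RFC 4514, so a username such as
    // "x,ou=Domain Admins" cannot change where the object is created.
    $dn = 'cn=' . Dn::escapeValue($username) . ',' . $usersOuDn;

    $entry = [];
    Attribute::setAttribute($entry, 'objectClass', ['top', 'person', 'organizationalPerson', 'user']);
    Attribute::setAttribute($entry, 'cn', $username);
    Attribute::setAttribute($entry, 'sn', $username);
    Attribute::setAttribute($entry, 'sAMAccountName', $username);
    // UPN is user@domain, not the bare username. distinguishedName is not set
    // here: AD derives it from where the object is created.
    Attribute::setAttribute($entry, 'userPrincipalName', $username . '@' . $domain);
    Attribute::setAttribute($entry, 'mail', $email);
    // Enabled, password never expires. PASSWD_NOTREQD (0x20) is deliberately
    // left out: with it set, AD accepts an empty password for the account.
    Attribute::setAttribute($entry, 'userAccountControl',
        UAC_NORMAL_ACCOUNT | UAC_DONT_EXPIRE_PASSWD);
    // AD takes the password as unicodePwd: the value in double quotes, UTF-16LE.
    // PASSWORD_UNICODECRYPT produces exactly that; userPassword with a SHA hash
    // is the OpenLDAP convention and is not honoured by AD.
    Attribute::setPassword($entry, $plainPassword, Attribute::PASSWORD_UNICODECRYPT);

    return [$dn, $entry];
}

function addAdUser(Ldap $ldap, string $username, string $email, string $plainPassword,
                   string $domain, string $usersOuDn): string
{
    [$dn, $entry] = buildAdUserEntry($username, $email, $plainPassword, $domain, $usersOuDn);

    // sAMAccountName is unique per domain, so check from the domain base DN.
    // Filter::equals() escapes the value for use inside the filter.
    $filter = Filter::equals('sAMAccountName', $username);
    if ($ldap->count($filter, $ldap->getBaseDn(), Ldap::SEARCH_SCOPE_SUB) > 0) {
        throw new \RuntimeException("User {$username} already exists");
    }
    $ldap->add($dn, $entry);
    return $dn;
}

// Usage. AD refuses unicodePwd writes on a cleartext connection, so StartTLS
// (or useSsl with port 636) is required, not optional.
$ldap = new Ldap([
    'host'                   => 'dc01.example.local',     // placeholder
    'port'                   => 389,
    'useStartTls'            => true,
    // A dedicated account delegated only "Create user objects" on the target OU,
    // rather than the domain Administrator used in the question.
    'username'               => 'EXAMPLE\svc-provision',  // placeholder
    'password'               => getenv('AD_BIND_PASSWORD') ?: '',
    'accountDomainName'      => 'example.local',
    'accountDomainNameShort' => 'EXAMPLE',
    'baseDn'                 => 'dc=example,dc=local',
]);

try {
    $ldap->bind();
    echo addAdUser($ldap, 'jordane', 'jordane@example.local', 'Correct-Horse-9!',
                   'example.local', 'ou=People,dc=example,dc=local'), PHP_EOL;
} catch (LdapException $e) {
    // getCode() carries the LDAP result code; 0x10 is noSuchAttribute, the
    // error from the question, raised when AD's schema check rejects an attribute.
    fwrite(STDERR, sprintf("LDAP error 0x%x: %s\n", $e->getCode(), $e->getMessage()));
    exit(1);
}
```

Two design choices are worth spelling out. First, buildAdUserEntry() never touches the network, so the DN escaping and the flag arithmetic can be covered by plain PHPUnit tests with no directory available. Second, leaving the password non-expiring, as the accepted answer's code does, is a policy decision for the site owner; the flag constants make that decision visible in code review instead of buried inside 66080.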
Licensed under: CC-BY-SA with attribution