我正在构建一个Symfony2应用程序,我需要连接到我的AD服务器,以便在用户在网站上注册时添加用户。我使用SF2中包含的ZendLdap类。我还使用FOSUserBundle来处理注册和登录。 与服务器的连接工作正常但我在尝试添加条目时出现此错误:
0x10 (No such attribute; 00000057: LdapErr: DSID-0C090D87, comment: Error in attribute conversion operation, data 0, v2580): adding: cn=jordane,ou=CUBBYHOLE,dc=cubbyhole,dc=me"}]
我经常搜索以找出我无法添加用户的原因,我认为我的所有属性都可以正确拼写,但也许我的配置错误。 这是我的班级:
class LdapRegistrationController extends BaseController {
protected $ldapDriver;
public function __construct()
{
$ldapOptions = array(
'host' => 'cubbyhole.me',
'port' => 389,
'useStartTls' => false,
'useSsl' => false,
'username' => 'CUBBYHOLE\Administrateur',
'accountCanonicalForm' => 3,
'password' => 'mypassword',
'accountDomainName' => 'cubbyhole.me',
'accountDomainNameShort' => 'CUBBYHOLE',
'baseDn' => 'CN=Users, dc=cubbyhole, dc=me',
'accountFilterFormat' => '(&(objectClass=Top:person;organizationalPerson;user))'
);
//connection
try
{
$this->ldapDriver = new Ldap($ldapOptions);
$this->ldapDriver->bind();
}
catch(Exception $e)
{
throw new LdapException("Error connecting to LDAP. Exception message: ".$e->getMessage());
}
}
/**
* @param User $user
* @throws \Zend\Ldap\Exception\LdapException
*/
public function addUserInLdap(User $user=null)
{
if($user != null)
{
//add in ldap
$entry = array();
Attribute::setAttribute($entry, 'cn', $user->getUsername());
Attribute::setAttribute($entry, 'sn', $user->getUsername());
Attribute::setAttribute($entry, 'givenName', $user->getUsername());
Attribute::setAttribute($entry, 'displayName', $user->getUsername());
Attribute::setAttribute($entry, 'userPrincipalName', $user->getUsername());
Attribute::setAttribute($entry, 'distinguishedName', $user->getUsername());
$objectClass = array('top:person', 'organizationalPerson', 'user');
Attribute::setAttribute($entry, 'objectClass', $objectClass);
Attribute::setAttribute($entry, 'objectCategory', 'person');
Attribute::setAttribute($entry, 'mail', $user->getEmailCanonical());
Attribute::setAttribute($entry, 'userAccountControl', 66048);
Attribute::setPassword($entry, $user->getPlainPassword(), Attribute::PASSWORD_HASH_SHA);
try
{
$this->ldapDriver->add('cn='.$user->getUsername().',ou=CUBBYHOLE,dc=cubbyhole,dc=me', $entry);
}
catch(Exception $e)
{
throw new LdapException("LDAP Error. Exception message: ".$e->getMessage());
}
}
else
throw new LdapException("Object user is null");
}
}
有没有人知道可能出现什么问题? 谢谢:))
答案 0 :(得分:0)
我认为问题的格式是distinguishedName和userPrincipalName属性。用户主体名称应采用username@domain.local格式,而可分辨名称实际上是对象的LDAP路径,例如cn=someUser,ou=someOU,dc=domain,dc=local。
Attribute::setAttribute($entry, 'userPrincipalName', $user->getUsername() . '@cubbyhole.me');
Attribute::setAttribute($entry, 'distinguishedName', 'cn=' . $user->getUsername() . ',ou=CUBBYHOLE,dc=cubbyhole,dc=me');
答案 1 :(得分:0)
好的,谢谢ChadSikorra的帮助,我终于成功了。现在一切正常,我在我的AD中创建了一个实体,其中包含一个激活的用户帐户和一个永不过期的密码。 问题在于我试图匹配的实体类型,在AD中,用户被称为inetOrgPerson,因此它无法工作。这里是那些可能会遇到同样问题的人的最终代码。祝你有愉快的一天!
public function addUserInLdap(User $user=null)
{
if($user != null)
{
//add in AD
$entry = array();
Attribute::setAttribute($entry, 'cn', $user->getUsername());
Attribute::setAttribute($entry, 'sn', $user->getUsername());
Attribute::setAttribute($entry, 'userPrincipalName', $user->getEmailCanonical());
Attribute::setAttribute($entry, 'samAccountName', $user->getUsername());
Attribute::setAttribute($entry, 'objectClass', 'inetOrgPerson');
Attribute::setAttribute($entry, 'mail', $user->getEmailCanonical());
Attribute::setAttribute($entry, 'userAccountControl', 66080); //activated account with non-expire password
Attribute::setPassword($entry, $user->getPlainPassword(), Attribute::PASSWORD_HASH_SHA);
try
{
$this->ldapDriver->add('cn='.$user->getUsername().',ou=CUBBYHOLE,dc=cubbyhole,dc=me', $entry);
}
catch(Exception $e)
{
throw new LdapException("Error inserting in LDAP. Exception message: ".$e->getMessage());
}
}
else
throw new LdapException("Can't add user in LDAP. User is null");
}