我有以下用于修改Active Directory中的详细信息的代码:
function updateActiveDirectory($user, $first, $last, $mail, $number, $title, $service, $team)
{
$server = "DC-1";
$unit = "OU=Staff,OU=Users,DC=rugby,DC=internal";
$ds = ldap_connect($server);
if(!$ds)
{
return "Cannot connect to LDAP server";
}
$bind = ldap_bind($ds, "DOMAIN\Administrator", "PASSWORD");
if(!$bind)
{
return "Couldn't bind to LDAP server";
}
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
$sr = ldap_search($ds, $unit, "(sAMAccountName={$user})");
$ent= ldap_get_entries($ds, $sr);
$userdata = array();
$userdata["cn"][0]=$first. " ".$last;
$userdata["sn"][0]=$last;
$userdata["mail"][0]=$mail;
$userdata["telephonenumber"][0]=$number;
$userdata["company"][0]=$service;
$userdata["department"][0]=$team;
$userdata["title"][0]=$title;
$name = $ent[0]["dn"];
ldap_modify($ds, $name, $userdata);
}
我正在警告:
ldap_modify():修改:RDN上不允许操作
但我无法在网上找到有关此问题的任何内容。这有什么问题?
答案 0 :(得分:2)
您无法像这样修改CN属性。该属性构成RDN。如果您需要修改它,您应该使用ldap_rename()功能:
$rdn = 'cn='.ldap_escape($first." ".$last, null, LDAP_ESCAPE_DN);
ldap_rename($ds, $ent[0]["dn"], $rdn, null, true);