LdapRecord: [Bug] Cannot modify an arbitrary attribute on an Active Directory User object

Environment:

  • LDAP Server Type: ActiveDirectory
  • PHP Version: 8.1.2

In previous years when I have used the Adldap2 framework to mess around with our Active Directory users, I had a specific need to modify the msSFU30Password attribute on certain users. This worked great with Adldap2, and it actually still works great in a test project on my dev machine. I just made a new project from scratch and tested it out to prove to myself I’m not crazy.

With the LdapRecord library, however, I am trying to do the same thing and I am getting the following exception:

LdapRecord\LdapRecordException
ldap_modify_batch(): Batch Modify: Server is unwilling to perform

I thought maybe it was a credential issue, but my aforementioned barebones test project that I set up using Adldap2 is using the exact same connection information. In Adldap2, this successfully sets that attribute:

$user->msSFU30Password = $new_password_hash;
$user->save();

Now, in the land of LdapRecord, I can’t seem to translate this behavior over from Adldap2. If I get the User object (which is an instance of LdapRecord\Models\ActiveDirectory\User) and try to assign my new hash to the msSFU30Password attribute like above, I get the following error: ldap_modify_batch(): Batch Modify: Server is unwilling to perform

I feel like that is misleading, though. I know I have the proper credentials and that those credentials have enough permissions to make the change. Since this works in Adldap2, was this capability (specifically, the ability to assign a value to a random attribute key, like $user->msSFU30Password = "something") not carried over to LdapRecord? Is there a different way to do it now that I haven’t picked up on from the docs?

PS for Steve - While this behavior might be a bug, I realize I might be pushing up to the area of asking for support. I went to go sponsor your GitHub profile, and there was this weird thing where GitHub showed the following:

Total amount: $5.00 / year
Due today: $60.00

Not sure what’s up with that, but it seemed backwards to me. Maybe I’m just having an off night when it comes to coding/GitHub 😛

About this issue

  • State: closed
  • Created 2 years ago
  • Comments: 23 (12 by maintainers)

Most upvoted comments

Boom, that was it, you found the issue. Also, dang it, I’m sorry for not fully grokking the connection and how it plays along! Doh! And if you remember, you helped me with this specific concept in the past. This was just a slightly nuanced variation on that. https://github.com/DirectoryTree/LdapRecord/discussions/351

I was able to modify the msSFU30Password after retrieving the user on the connection. In my head, I thought that retrieving it on the default connection and then setting the specific connection afterwards wouldn’t matter, but turns out it does.

I will test this some more and then bake it into my actual project to confirm full functionality, but I think I am good to go.