Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 2.2.0

Bug #14719 unable to reset unicodePwd (Active Directory)
Submitted: 2008-09-29 06:21 UTC
From: pagaille Assigned: beni
Status: Closed Package: Net_LDAP2 (version 2.0.0RC3)
PHP Version: 5.2.5 OS: ubuntu 6.06
Roadmaps: 2.0.0    
Subscription  


Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know! Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem : 23 + 20 = ?

 
 [2008-09-29 06:21 UTC] pagaille (Kristin Stromberg)
Description: ------------ Active Directory doesn't allow you to search for an existing value in unicodePwd field. I'm able to set the unicodePwd for entries that don't already have a pwd. But there's no way to reset the unicodePwd since Net_LDAP2 appears to check the existing value... when it doesn't find one, it tries to add a new one, resulting in an error message. Test script: --------------- $result = $entry->replace(array('unicodePwd' => 'testpwd'); if (Net_LDAP2::isError($result)) { die($result->getMessage()); } $result = $entry->update(); if (Net_LDAP2::isError($result)) { die($result->getMessage()); } Actual result: -------------- Could not add new values to attribute unicodePwd: Type or value exists: LDAP_TYPE_OR_VALUE_EXISTS

Comments

 [2008-10-01 13:08 UTC] beni (Benedikt Hallinger)
Thank you for your bug report! Unfortunately i don't have an AD to test this issue, but i think if you help me, we can fix that quite quickly. I suppose this is an encofing issue since PHP runs with latin-1 internally so utf-8 checks may fail. The check you suppose inside Net_LDAP is actualy done at your directory server. replace() does not check if the value already exists. To verify this and exclude other pitfalls, please do the following things: 1) add a call to $entry->getEntry() to see if Net_LDAP sees the value. If it does not see the value, check if you have selected it at entry fetching time (eg at $ldap->search() or $ldap->getEntry()). It may also be likely that the ldap server refuses to send the attribute value to the client via LDAP, however that depends on credentials. 2) Add a check to compare the values (existing/replace) at client side to see if they are compared correctly. Do both, compare before and after calling $ldap->utf8Decode() to be sure that no problems exist due to language settings.
 [2008-10-04 18:17 UTC] pagaille (Kristin Stromberg)
Problem is due to the fact that Active Directory will not allow you to read the unicodePwd attribute (see: http://support.microsoft.com/?kbid=269190). I got around this by adding a $force=false option to the the replace() method in the Entry class and then changing if ($this->exists($k)) to if ($this->exists($k) || $force). Here's the new method (sorry, no patch): public function replace($attr = array(), $force=false) { if (false == is_array($attr)) { return PEAR::raiseError("Parameter must be an array"); } foreach ($attr as $k => $v) { $k = $this->_getAttrName($k); if (false == is_array($v)) { // delete attributes with empty values if ($v == null) { $this->delete($k); continue; } else { $v = array($v); } } // existing attributes will get replaced if ($this->exists($k) || $force) { $this->_changes["replace"][$k] = $v; $this->_attributes[$k] = $v; } else { // new ones just get added $this->add(array($k => $v)); } } $return = true; return $return; }
 [2008-10-06 07:27 UTC] beni (Benedikt Hallinger)
Thank you very much for your patch. I will review it as soon as i got some time, because i must verify that it does not have bad side effects on the API. However, so far the patch looks good!
 [2008-10-16 09:05 UTC] beni (Benedikt Hallinger)
This bug has been fixed in CVS. If this was a documentation problem, the fix will appear on pear.php.net by the end of next Sunday (CET). If this was a problem with the pear.php.net website, the change should be live shortly. Otherwise, the fix will appear in the package's next release. Thank you for the report and for helping us make PEAR better.