Casper LI - 3 months ago
PHP Question

How to create a user with POSIX login ability in OpenLDAP via PHP?

The following method is used to create a user with POSIX login ability in the OpenLDAP database. Users having the account created by the following method can log in to any of the OpenLDAP client Linux machines. When calling this method, I have to pass the following variables:


  • $ldapconn: Returned by ldap_connect.
  • $username: The username that I want to create.
  • $password: The password for logging in the account.

    public static function createNewUser($ldapconn, $username, $password) {
        if (!$ldapconn) { return false; }
        require_once("LDAPConfigurator.php");
        // Bind as the directory administrator
        $r = ldap_bind($ldapconn, "cn=admin,dc=test,dc=com", "12345");

        // Prepare data
        $info = [
            'cn' => $username,
            'sn' => $username,
            'gidNumber' => 502,
            'homedirectory' => "/home/ldap/".$username,
            'loginShell' => "/bin/sh",
            'password' => $password,
            'uidNumber' => 2333, // Can I set auto increment for this value?
            'username' => $username,
            'objectclass' => [
                'inetOrgPerson',
                'posixAccount',
                'top'
            ]
        ];

        // Add data to directory
        $r = ldap_add($ldapconn, "cn=".$username.",cn=users,ou=groups,dc=test,dc=com", $info);

        return true;
    }





For setting the $info object, I reference the attributes used in a POSIX user account in phpLDAPadmin and they all have the required label. However, I finally get the following error:

Warning: ldap_add(): Add: Undefined attribute type


So what is the proper $info object for creating a POSIX user?

Answer

It looks like you're trying to add attributes that are not supported. The username is neither supported by inetOrgPerson nor by posixAccount and the password-attribute should be userPassword according to the posixAccount.

For more information have a look at the supported attributes at http://www.zytrax.com/books/ldap/ape/#objectclasses
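
An entry built along the lines of the answer, as an added example that is not part of the original question or answer: it uses uid and userPassword in place of username and password, stores a salted hash instead of the cleartext password, escapes the name in the DN, and checks the result of ldap_add. The function names, the uidNumber/gidNumber parameters and the username pattern are assumptions, and the connection is assumed to be already bound with credentials loaded from configuration.

```php
<?php
// Added example: function names, parameters and the username pattern are illustrative.

/** Hash a password as {SSHA} (salted SHA-1), a scheme OpenLDAP accepts in userPassword. */
function ssha(string $password): string {
    $salt = random_bytes(8);
    return '{SSHA}' . base64_encode(sha1($password . $salt, true) . $salt);
}

/** Build the attribute array using only attributes defined by inetOrgPerson and posixAccount. */
function buildPosixUserEntry(string $username, string $password, int $uidNumber, int $gidNumber): array {
    // The name ends up in a DN and in a home directory path, so restrict it first.
    if (!preg_match('/^[a-z_][a-z0-9_-]{0,31}$/', $username)) {
        throw new InvalidArgumentException('invalid username');
    }
    return [
        'objectClass'   => ['top', 'inetOrgPerson', 'posixAccount'],
        'cn'            => $username,        // required by both classes
        'sn'            => $username,        // required by inetOrgPerson (via person)
        'uid'           => $username,        // replaces the undefined 'username'
        'uidNumber'     => (string) $uidNumber,
        'gidNumber'     => (string) $gidNumber,
        'homeDirectory' => '/home/ldap/' . $username,
        'loginShell'    => '/bin/sh',
        'userPassword'  => ssha($password),  // replaces the undefined 'password'
    ];
}

/** Add the entry over an already bound connection and report failure to the caller. */
function createPosixUser($ldapconn, string $username, string $password,
                         int $uidNumber, int $gidNumber,
                         string $baseDn = 'cn=users,ou=groups,dc=test,dc=com'): bool {
    $entry = buildPosixUserEntry($username, $password, $uidNumber, $gidNumber);
    $dn = 'cn=' . ldap_escape($username, '', LDAP_ESCAPE_DN) . ',' . $baseDn;
    if (!ldap_add($ldapconn, $dn, $entry)) {
        error_log('ldap_add failed: ' . ldap_error($ldapconn));
        return false;
    }
    return true;
}
```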