Casper LI - 8 months ago
PHP Question

How to create a user with POSIX login ability in OpenLDAP via PHP?

The following method is used to create a user with POSIX login ability in the OpenLDAP database. Users having the account created by the following method can log in to any of the OpenLDAP client Linux machines. When calling this method, I have to pass the following variables:

  • $ldapconn: Returned by
  • $username: The username that I want to create.
  • $password: The password for logging in the account.

    public static function createNewUser($ldapconn, $username, $password) {
        if (!$ldapconn) { return false; }
        // Bind as the directory admin before adding the entry
        $r = ldap_bind($ldapconn, "cn=admin,dc=test,dc=com", "12345");
        if (!$r) { return false; }

        // Prepare data
        $info = [
            'cn' => $username,
            'sn' => $username,
            'gidNumber' => 502,
            'homedirectory' => "/home/ldap/".$username,
            'loginShell' => "/bin/sh",
            'password' => $password,
            'uidNumber' => 2333, // Can I set auto increment for this value?
            'username' => $username,
            'objectclass' => [
                // (the object class values are missing from the page)
            ],
        ];

        // Add data to directory
        $r = ldap_add($ldapconn, "cn=".$username.",cn=users,ou=groups,dc=test,dc=com", $info);

        // Report whether the add succeeded
        return $r;
    }

For setting the
object, I reference the attributes used in a POSIX user account in phpLDAPadmin and they all have the
label. However, I finally get the following error:

Warning: ldap_add(): Add: Undefined attribute type

So what is the proper
object for creating a POSIX user?


It looks like you're trying to add attributes that are not supported. The username is neither supported by inetOrgPerson nor by posixAccount and the password-attribute should be userPassword according to the posixAccount.

For more information have a look at the supported attributes at
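
The correction described in the answer, as an added example that is not part of the original thread: the entry uses `uid` and `userPassword` in place of the rejected `username` and `password`, and the attribute names are checked before `ldap_add()` is called. The helper names, the username pattern, and storing the password as an `{SSHA}` hash instead of cleartext are assumptions of this example.

```php
<?php
// Added example (not from the original post). Helper names are hypothetical.
// The attributes of inetOrgPerson + posixAccount that this entry uses.
const ALLOWED = ['objectclass', 'cn', 'sn', 'uid', 'uidnumber', 'gidnumber',
                 'homedirectory', 'loginshell', 'userpassword'];

// Return the keys of $entry that are not in the allowed set.
// LDAP attribute names are case-insensitive, so compare in lower case.
function unsupportedAttrs(array $entry): array {
    return array_values(array_filter(array_keys($entry),
        fn($k) => !in_array(strtolower($k), ALLOWED, true)));
}

// Salted SHA-1 in the {SSHA} form OpenLDAP accepts in userPassword.
function ssha(string $password): string {
    $salt = random_bytes(8);
    return '{SSHA}' . base64_encode(sha1($password . $salt, true) . $salt);
}

function buildPosixEntry(string $user, string $password, int $uid, int $gid): array {
    // Assumption: usernames are restricted to a conservative POSIX-style pattern.
    if (!preg_match('/^[a-z_][a-z0-9_-]{0,31}$/', $user)) {
        throw new InvalidArgumentException('invalid username');
    }
    return [
        'objectClass'   => ['inetOrgPerson', 'posixAccount'],
        'cn'            => $user,
        'sn'            => $user,
        'uid'           => $user,            // replaces the unsupported 'username'
        'uidNumber'     => (string) $uid,
        'gidNumber'     => (string) $gid,
        'homeDirectory' => '/home/ldap/' . $user,
        'loginShell'    => '/bin/sh',
        'userPassword'  => ssha($password),  // replaces the unsupported 'password'
    ];
}

function createPosixUser($conn, string $bindDn, string $bindPw, string $base, array $entry): bool {
    if (unsupportedAttrs($entry) || !ldap_bind($conn, $bindDn, $bindPw)) {
        return false;
    }
    // Escape the RDN value so the username cannot alter the DN structure.
    $dn = 'cn=' . ldap_escape($entry['cn'], '', LDAP_ESCAPE_DN) . ',' . $base;
    return ldap_add($conn, $dn, $entry);
}

// Constructed sample input; these two calls run without a directory server.
print_r(unsupportedAttrs(['cn' => 'alice', 'username' => 'alice', 'password' => 'x']));
print_r(buildPosixEntry('alice', 'constructed-password', 2333, 502));
```

Only `createPosixUser()` needs the PHP LDAP extension and a live connection; the bind DN and password are passed in by the caller rather than written into the function.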