Adding users to groups in AD via LDAP

me-notu-me

I'm using LDAP to query Active Directory and can sucessfully create users but I also want to be able to place my nice new users into a group.

I found some material on MSDN that suggested sending a memberOf or member attribute along with the rest of the users information but when I do this I get "Add: Server is unwilling to perform in blah" returned from my add query. I tried moving an existing user into a group using ldap_modify and that returned pretty much the same thing.

Does anyone know how I can do this?

BuzzLY

$searchterm = "PHP or MySQL or Apache";
$results = doSearch($above_post, $searchterm);
If (isempty($results)) {
    echo "Go to a forum where such questions are relevant";
} else {
    echo "If this has anything to do with PHP, why don't you ".
        "tell us how you are doing it in that context?  Perhaps ".
        "a bit of code?";
}

maxpup979

Very nice reply Buzz--🙂

and I don't know for certain that you can do this with AD, but I have done the same thing with OpenLDAP, eDirectory, and iPLanet--so unless MS has a completely different interface it should work--

use ldap_mod_add

When you are adding members to a group, you are really adding an entry to an existing attribute of that group

bastien

the here has some user comments about adding a user to AD...it might help

maxpup979

Excellent pointer Bastian--And that is one of the ways you can add a brand new user to an LDAP system--However, in this case, an existing user is being added to an existing group--assuming that you are using a fairly standard schema, you are wanting to alter the contents of an attribute of an exsting group (by adding a new member)--not add a new group entirely. I can't tell you how long it took me to figure THAT one out...LDAP can get very confusing when you are first using it.

so the function you need in this case is ldap_mod_add

me-notu-me

Thank you Buzzly for you ill informed and wanky response. Sorry if I scared you with terms like MSDN and active directory but as everyone else realised the reason I'm posting on php builder is because I'm accessing it through (yep you guessed it) php!!!

Thank you maxpup979 for your reply. I haven't tried the ldap_mod_add yet but will do so today and will update this thread with the result.

BuzzLY

Hello you-notme-you,

If you don't like one's response, no need to insult them (do you always make it a habit to insult moderators by your second post?). I was simply trying to say in a humorous "PHP code" way that I might be able to help you if you post your code so that I could see what you were doing. I suppose I must stop assuming that everyone has a sense of humor. You don't happen to work at M$, do you?

BTW... wanky??? I was definitely going for "ill-informed," but certainly not "wanky!"

Thank you, you-notme-you, for your witty response. I needed a good chuckle 🙂

Anyway, I hope this works out for you, and that you have a wonderful day 😃