I'm developing a web interface to manage Active Directory. Some things I've done are already working, for example adding groups to / removing groups from a user, or unlocking a user, so I think the connection and authentication are correct.
My problem now is that I can't create a user with the web interface. The warning message is:
Warning: ldap_add(): Add: Server is unwilling to perform in C:\xampp\htdocs\dashboard\create-user.php on line 39 Fehler beim Erstellen des Benutzers: Server is unwilling to perform LDAP-Error:Server is unwilling to perform
For your understanding, I post the complete code:
File: ldap-connect.php
<?php
// Configure connection
$config = [
'ldapServer' => 'ldap://192.168.31.201',
'ldapPort' => 389,
'username' => 'company\\Administrator',
'password' => 'topsecret',
'userBaseDN' => 'OU=UserDirectory,DC=company,DC=local',
'globalGroupsBaseDN' => 'OU=GlobalGroups,DC=company,DC=local',
'localGroupsBaseDN' => 'OU=LocalGroups,DC=company,DC=local',
'serverIP' => '192.168.31.201',
'departmentShare' => 'Department'
];
function connectToLDAP($config)
{
// Create connection
$ldapConnection = ldap_connect($config['ldapServer'], $config['ldapPort']) or die("Verbindung zum LDAP-Server fehlgeschlagen");
// LDAP-Binding
ldap_set_option($ldapConnection, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option(null, LDAP_OPT_DEBUG_LEVEL, 7);
ldap_set_option($ldapConnection, LDAP_OPT_REFERRALS, 0);
ldap_bind($ldapConnection, $config['username'], $config['password']) or die("Anmeldung fehlgeschlagen");
return $ldapConnection;
}
?>
The form:
<!DOCTYPE html>
<html>
<head>
<title>Create User</title>
<script>
function generateCN()
{
var firstName = document.getElementById("givenName").value;
var lastName = document.getElementById("sn").value;
var cnField = document.getElementById("cn");
cnField.value = firstName + " " + lastName;
}
function replaceSpecialCharacters(str)
{
var replacements = {
"ä": "ae",
"ö": "oe",
"ü": "ue",
"ß": "ss"
};
return str.replace(/[äöüß]/gi, function(matched) {
return replacements[matched];
});
}
function generateUsername()
{
var firstName = document.getElementById("givenName").value;
var lastName = document.getElementById("sn").value;
var usernameField = document.getElementById("samAccountName");
var username = (firstName + "." + lastName).toLowerCase();
// Replace special characters and umlauts
username = replaceSpecialCharacters(username);
usernameField.value = username;
}
</script>
</head>
<body>
<h2>Benutzer erstellen</h2>
<form action="create-user.php" method="post">
<label for="ou">Organizational Unit (OU):</label>
<select name="ou" id="ou">
<?php
// LDAP-Query, show OUs under userBaseDN
$userBaseDN = $config['userBaseDN'];
$ouSearchBaseDN = $userBaseDN;
$ouSearchFilter = "(objectClass=organizationalUnit)";
$ouSearchAttributes = ['name'];
$ouSearchResult = ldap_search($ldapConnection, $ouSearchBaseDN, $ouSearchFilter, $ouSearchAttributes);
$ouEntries = ldap_get_entries($ldapConnection, $ouSearchResult);
// Dropdown options: show the available OUs
for ($i = 0; $i < $ouEntries['count']; $i++) {
$ouName = $ouEntries[$i]['name'][0];
if ($ouName !== "UserDirectory") {
echo "<option value='$ouName'>$ouName</option>";
}
}
?>
</select>
<br><br>
<label for="cn">Common Name (CN):</label>
<input type="text" name="cn" id="cn" required>
<br><br>
<label for="givenName">Vorname:</label>
<input type="text" name="givenName" id="givenName" onkeyup="generateCN(); generateUsername();" required>
<br><br>
<label for="sn">Nachname:</label>
<input type="text" name="sn" id="sn" onkeyup="generateCN(); generateUsername();" required>
<br><br>
<label for="samAccountName">Benutzername:</label>
<input type="text" name="samAccountName" id="samAccountName" required>
<br><br>
<label for="userPrincipalName">Benutzerprinzipalname:</label>
<input type="text" name="userPrincipalName" value="@markplay.local" id="userPrincipalName" required readonly>
<br><br>
<label for="password">Passwort:</label>
<input type="password" name="password" id="password" required>
<br><br>
<label for="email">E-Mail:</label>
<input type="email" name="email" id="email">
<br><br>
<input type="submit" value="Benutzer erstellen">
</form>
</body>
</html>
File create-user.php:
<?php
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// Check, if all required fields are filled.
$requiredFields = ['ou', 'cn', 'givenName', 'sn', 'samAccountName', 'userPrincipalName', 'password', 'email'];
foreach ($requiredFields as $field) {
if (empty($_POST[$field])) {
die("Fehlende Angabe für Feld: $field");
}
}
// Connect to LDAP
require 'ldap-connect.php';
$ldapConnection = connectToLDAP($config);
// Prepare data for the new user
$ou = $_POST['ou'];
$cn = $_POST['cn'];
$givenName = $_POST['givenName'];
$sn = $_POST['sn'];
$samAccountName = $_POST['samAccountName'];
$userPrincipalName = $_POST['userPrincipalName'];
$password = $_POST['password'];
$email = $_POST['email'];
// Create user in Active Directory
$ldapUserDN = 'CN=' . $cn . ',' . 'OU=' . $ou . ',' . $config['userBaseDN'];
$ldapAttributes = [
'objectClass' => 'user',
'cn' => $cn,
'givenName' => $givenName,
'sn' => $sn,
'samAccountName' => $samAccountName,
'userPrincipalName' => $userPrincipalName,
'unicodePwd' => iconv("UTF-8", "UTF-16LE", '"' . $password . '"'),
'mail' => $email
];
if (ldap_add($ldapConnection, $ldapUserDN, $ldapAttributes)) {
echo "Benutzer wurde erfolgreich erstellt.";
} else {
$ldapError = ldap_error($ldapConnection);
echo "Fehler beim Erstellen des Benutzers: $ldapError<br>";
echo "LDAP-Error:". ldap_error($ldapConnection);
}
// Close LDAP-Connection
ldap_unbind($ldapConnection);
}
?>
I hope there is someone who can explain to me what the problem is and give me a solution. I use a testing environment with Windows Server 2019 with all updates included as of today. The server is the AD server. I also use XAMPP 8.2.4. The LDAP extension is active.
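An added example, not code from the question or from its author: Active Directory only accepts a write to unicodePwd over an encrypted session (LDAPS, or a StartTLS/SASL-sealed session) and answers "Server is unwilling to perform" when the password is sent over a plaintext port-389 connection like the one in ldap-connect.php. The block below does the same user-creation step over LDAPS with certificate verification, escapes the DN components that come from the form so a user-supplied name cannot inject extra RDNs, uses the attribute names as AD spells them, and surfaces AD's extended diagnostic message on failure. The host name, service account, OU and sample user values are constructed placeholders, and the helper names are my own.

```php
<?php
// Added example (not the asker's code). Assumed values: host dc01.company.local,
// the bind account, the OU "Sales" and the sample user below.

function adConnectTls(string $host, string $bindDn, string $bindPassword)
{
    // LDAPS on 636: AD refuses unicodePwd on an unencrypted session.
    $conn = ldap_connect("ldaps://$host:636");
    if ($conn === false) {
        throw new RuntimeException("invalid LDAP URI for $host");
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    // Verify the DC certificate against the client's trust store; never turn this off.
    if (defined('LDAP_OPT_X_TLS_REQUIRE_CERT')) {
        ldap_set_option($conn, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
    }
    if (!@ldap_bind($conn, $bindDn, $bindPassword)) {
        throw new RuntimeException('bind failed: ' . ldap_error($conn));
    }
    return $conn;
}

function adEncodePassword(string $password): string
{
    // AD expects the password wrapped in double quotes and encoded as UTF-16LE.
    return mb_convert_encoding('"' . $password . '"', 'UTF-16LE', 'UTF-8');
}

function adBuildUserDn(string $cn, string $ou, string $userBaseDn): string
{
    // Escape RDN values so that form input cannot add or alter DN components.
    return 'CN=' . ldap_escape($cn, '', LDAP_ESCAPE_DN)
        . ',OU=' . ldap_escape($ou, '', LDAP_ESCAPE_DN)
        . ',' . $userBaseDn;
}

function adCreateUser($conn, array $user, string $userBaseDn): array
{
    // sAMAccountName: at most 20 characters, none of the characters AD forbids.
    if (!preg_match('/^[^"\/\\\\\[\]:;|=,+*?<>]{1,20}$/', $user['samAccountName'])) {
        return ['ok' => false, 'error' => 'invalid sAMAccountName'];
    }
    $dn = adBuildUserDn($user['cn'], $user['ou'], $userBaseDn);
    $attrs = [
        'objectClass'        => ['top', 'person', 'organizationalPerson', 'user'],
        'cn'                 => $user['cn'],
        'givenName'          => $user['givenName'],
        'sn'                 => $user['sn'],
        'sAMAccountName'     => $user['samAccountName'],
        'userPrincipalName'  => $user['userPrincipalName'],
        'unicodePwd'         => adEncodePassword($user['password']),
        // 512 = NORMAL_ACCOUNT (enabled). AD only accepts an enabled account when a
        // policy-compliant password is set in the same add; use 514 (disabled) if
        // the password is to be set later.
        'userAccountControl' => '512',
    ];
    if (!empty($user['email'])) {
        $attrs['mail'] = $user['email'];
    }
    if (@ldap_add($conn, $dn, $attrs)) {
        return ['ok' => true, 'dn' => $dn];
    }
    // The diagnostic message carries AD's extended error text (for example which
    // password-policy check failed), which plain ldap_error() does not show.
    $diag = '';
    ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);
    return ['ok' => false, 'dn' => $dn, 'errno' => ldap_errno($conn),
            'error' => ldap_error($conn), 'detail' => $diag];
}

// Usage with constructed sample data (assumed host, account and user values).
$conn = adConnectTls('dc01.company.local', 'svc-provision@company.local', 'CHANGE-ME');
$result = adCreateUser($conn, [
    'ou' => 'Sales', 'cn' => 'Erika Mustermann', 'givenName' => 'Erika',
    'sn' => 'Mustermann', 'samAccountName' => 'erika.mustermann',
    'userPrincipalName' => 'erika.mustermann@company.local',
    'password' => 'CHANGE-ME-Str0ng!', 'email' => 'erika.mustermann@company.local',
], 'OU=UserDirectory,DC=company,DC=local');
ldap_unbind($conn);
var_export($result);
```

For the LDAPS connection to succeed with certificate verification enabled, the domain controller needs a server certificate (for example from AD Certificate Services) and the PHP/OpenLDAP client on the XAMPP host must trust the issuing CA (TLS_CACERT in the OpenLDAP client configuration). The bind account should be a dedicated service account with delegated "create user objects" rights on the target OU rather than a domain administrator, so that a compromise of the web application does not hand out domain-admin credentials.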