Php – Adding user via PHP:LDAP

active-directory, ldap, php

I have this code:

function makeUser() {
    $info['cn'] = "Test User";
    $info['sn'] = "User";
    $info['mail'] = "test@localhost";
    $info['objectclass'][0] = "Person";
    $info['objectclass'][1] = "User";

    $info['userpassword'] = "{MD5}".base64_encode(pack("H*",md5('Password1!')));
    $info['useraccountcontrol'] = 512;

    var_dump(ldap_add($this->connection, "CN=Test User,OU=Users,DC=domain,DC=local", $info));
}

Which gives me this error:

Warning: ldap_add() [function.ldap-add]: Add: Server is unwilling to perform

When I leave out the $info['useraccountcontrol'] = 512; part, it adds the account, but it is disabled.

I get this from the logging on both servers:

Internal event: The LDAP server returned an error.

Additional Data Error value: 0000052D: SvcErr: DSID-031A11E5, problem 5003 (WILL_NOT_PERFORM), data 0

I work on:

  • Windows Server 2008 Active Directory (not R2) & Windows Server 2003
  • PHP 5.3.5
  • Normal LDAP connection, not LDAPS, since I've given up on trying to get that to work.

How can I make it so that the user is not disabled and does not have to change the password when first logging in?

Best Answer

I had this problem too (even connecting over LDAPS). When I did it in three steps (first add the account, then set the password, then enable the account), it worked.

It may be that you can combine the first two or last two steps, but I didn't test this.
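
The three steps from the answer, written out as an added PHP example (not the answerer's code). It assumes an LDAPS or StartTLS connection, because Active Directory only accepts writes to the unicodePwd attribute over an encrypted connection; the host name, the environment variable names, the sAMAccountName value and the helper function names are assumptions.

```php
<?php
// Added example: three-step Active Directory account creation.
// Host name, environment variable names and sAMAccountName are assumptions.
const UAC_ACCOUNTDISABLE = 0x0002;
const UAC_NORMAL_ACCOUNT = 0x0200; // 512, the value used in the question

// unicodePwd takes the password in double quotes, encoded as UTF-16LE (needs mbstring).
function encodeUnicodePwd($plain) {
    return mb_convert_encoding('"' . $plain . '"', 'UTF-16LE', 'UTF-8');
}

// Turn a failed LDAP call into an exception carrying the server's message.
function check($ok, $conn, $what) {
    if (!$ok) {
        throw new RuntimeException("$what failed: " . ldap_error($conn));
    }
}

function createEnabledUser($conn, $dn, array $attrs, $password) {
    // Step 1: add the account, disabled (514), with no password attribute.
    $attrs['objectClass'] = array('top', 'person', 'organizationalPerson', 'user');
    $attrs['userAccountControl'] = (string)(UAC_NORMAL_ACCOUNT | UAC_ACCOUNTDISABLE);
    check(ldap_add($conn, $dn, $attrs), $conn, 'add');

    // Step 2: set the password; the domain password policy is applied here.
    $pwd = array('unicodePwd' => encodeUnicodePwd($password));
    check(ldap_mod_replace($conn, $dn, $pwd), $conn, 'set password');

    // Step 3: enable the account. pwdLastSet = -1 stamps the password as set
    // now, so no change is demanded at first logon.
    $enable = array('userAccountControl' => (string)UAC_NORMAL_ACCOUNT, 'pwdLastSet' => '-1');
    check(ldap_mod_replace($conn, $dn, $enable), $conn, 'enable');
}

// Runs only when bind credentials are supplied through the environment.
if (getenv('LDAP_BIND_DN') !== false) {
    $conn = ldap_connect('ldaps://dc.domain.local'); // assumed host
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    check(ldap_bind($conn, getenv('LDAP_BIND_DN'), getenv('LDAP_BIND_PW')), $conn, 'bind');
    createEnabledUser($conn, 'CN=Test User,OU=Users,DC=domain,DC=local', array(
        'cn' => 'Test User', 'sn' => 'User', 'mail' => 'test@localhost',
        'sAMAccountName' => 'testuser', // constructed value
    ), getenv('NEW_USER_PW'));
    ldap_unbind($conn);
}
```

If step 2 or 3 throws, the disabled account from step 1 still exists and has to be removed or completed before a retry.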
