PHP & LDAP - The mystery of the $data array()

[tobyheywood]

Hi,

I'm working on a small php script to add, remove and modify data held in an LDAP directory.

I can connect and bind OK to the LDAP Directory, and I can remove data successfully, however I am unable to add data. When I submit the data via a web page form I get an error 17 message saying "Undefined attribute type".

The web page also outputs the data in LDIF format, which when I use ldapadd from the command line works perfectly. This leads me to believe the error is somewhere within the array containing the form data or the way PHP adds data to the LDAP Directory.

The array in PHP is created on the fly...

// Specify required and optional fields
$add_user_req_fields = array ('givenname', 'sn', 'title', 'mail', 'l', 'ext');
$add_user_opt_fields = array ('title','physicalDeliveryOfficeName','mobile','homePhone');

if ($frmerr) {
    echo "Please click the browsers back button and enter the details again";
		
	} else {
		
    $data['dn'] = "cn=" . trim ( $_POST['givenname'] ) . " " . trim ( $_POST['sn'] ) . "," . $base_dn;

    // specify schema
    $data['objectclass'][0] = "top";
	$data['objectclass'][1] = "person";
	$data['objectclass'][2] = "organizationalPerson";
	$data['objectclass'][3] = "inetOrgPerson";
	$data['objectclass'][4] = "officePerson";
	
	foreach ( $add_user_req_fields as $value ) {
		if ( $value != "l" ) {
			if ( $value != "ext" ) {
				$data[$value] = $_POST[$value];
			}
		}
	}
		
	// create common name
	$data['cn'] = $_POST['givenname'] . " " . $_POST['sn'];
		
	foreach ( $add_user_opt_fields as $value ) {
		if ( $value == "physicalDeliveryOfficeName" ) {
			$data['ou'] = $_POST[$value];
		}
		if ( $_POST[$value] != "" ) {
			$data[$value] = $_POST[$value];
		}
	}
	foreach ( $offices[$_POST['l']] as $attr => $value ) {
		if ( $attr == 'telephonenumber' ) {
			$data[$attr] = $value . " x " . $_POST['ext'];
		} else {
			$data[$attr] = $value;
		}
	}
		

	foreach ( $data as $attr => $value ) {
		if ( is_array ( $value ) ) {
			foreach ( $value as $info ) {
				echo $attr . ": " . $info . "<br />";
			}
		} else {
			echo $attr . ": " . $value . "<br />";
		}
	}
}

The data inside the $data array() all looks OK, here it is in LDIF format...

dn: cn=Test Person,ou=internal,dc=mycompany,dc=co,dc=uk
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: officePerson
gn: Test
sn: Person
title: Confused LDAP Admin
mail: test@mycompany.com
cn: Toby Heywood
ou: IT
physicalDeliveryOfficeName: IT
mobile: 00000 000000
homePhone: 00000 000000
o: MYCOMPANY
postaladdress: 2 CROFT
l: TOWN
st: [URL unfurl="true"]WWWWWWWWW[/URL] WWW
postalcode: AA21 2AA
c: UK
telephonenumber: +44 (0)1111 111112 x 238
facsimileTelephoneNumber: +44 (0)1111 111111
url: [URL unfurl="true"]http://www.mycompany.com/[/URL]

I have been googling this topic and so far the general theme of my findings has been around the schema not being configured correctly, however I feel that it is, as I can manually add the ldif file using ldapadd.

I'd be grateful if anyone can spot what I'm doing wrong and point me in the right direction.

Thank you in advance.


Toby Heywood

http://www.tobyheywood.co.uk/

 

[tsuji]

Do you not find the echoed data in "LDIF format" strange? [1] cn built from givenname and sn does not agree with the dn. Maybe the inconsistence is due to your editing? [2] What is gn? which should be givenname, should it not? How does it come about? Whould the form field be named incorrectly? [3] You've a data on ou. In that case, I hope the dn is not the dn is not for the person with the givenname-sn-ou in question? ou=IT might be nested in ou=internal?

 

[tobyheywood]

Hi Tsuji,

Thank you for your reply. Your are indeed correct, there are a number of inconsistencies which have been the result of my editing.

dn: cn=Test Person,ou=internal,dc=mycompany,dc=co,dc=uk
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: officePerson
givenName: Test
sn: Person
title: Confused LDAP Admin
mail: test@mycompany.com
cn: Test Person
physicalDeliveryOfficeName: IT
mobile: 00000 000000
homePhone: 00000 000000
o: MYCOMPANY
postaladdress: 2 CROFT
l: TOWN
st: [URL unfurl="true"]WWWWWWWWW[/URL] WWW
postalcode: AA21 2AA
c: UK
telephonenumber: +44 (0)1111 111112 x 238
facsimileTelephoneNumber: +44 (0)1111 111111
url: [URL unfurl="true"]http://www.mycompany.com/[/URL]

[2] I have previously read (somewhere) that gn could be used as a shorthand for givenName. I guess it is always better to put in that little extra effort and to specify everything so that there is no doubt about what an attribute should be.

[3] ou was specified for informational purposes (I believe it is displayed in MS Outlooks address book window) to show the department for that individual and not as a structural attribute for the directory. Having looked back at my notes I should have used the department attribute instead.

Are you able to spot anything else which might be causing an error 17 undefined attribute type?

Is there a way to get OpenLDAP to display the attribute it believes is undefined?

Thank you for your valuable input. I continuing to google this but either I'm not using the correct search keywords or no one has had this same issue.


Toby Heywood

http://www.tobyheywood.com/

 

[tsuji]

This article may help you the proper construction of the data in the right context.

http://www.onlamp.com/lpt/a/3310

ps: The gn and givenName note was a concern only because the data are constructed through the shown algorithm which map data from $_POST. Hence, the concern was my worried about how come the form field named givenname would eventually mapped to a hash of entry "gn". But your recall is certainly correct.