I cannot make modifications to an LDAP directory with Symfony 5.4 using the Symfony Ldap library.
I connect over LDAPS and reading works without problems, but when I want to modify an entry I get this error:
Could not update entry "*group dn*": Insufficient access
although I have modification rights.
The code:
```php
$this->ldap->bind($_ENV['LDAP_USER'], $_ENV['LDAP_PASSWORD']);
// Escape the value before it is placed in the search filter
$matricule = $this->ldap->escape($matricule, '', \Symfony\Component\Ldap\LdapInterface::ESCAPE_FILTER);
$user = $this->ldap->query('dc=dcher,dc=local', '(&(objectClass=user)(samaccountname='.$matricule.'))')->execute()->toArray();
$connected = true;
// Add the user to the group
$groupDn = "*group dn*";
$query = $this->ldap->query($groupDn, "(objectclass=*)");
$results = $query->execute();
$groupEntry = $results[0];
// Fetch the current members of the group
$members = $groupEntry->getAttribute('member');
// Add the user to the array of members
$members[] = $user[0]->getDn();
// Set the new members of the group
$groupEntry->setAttribute('member', $members);
// dd($groupEntry);
$this->ldap->getEntryManager()->update($groupEntry);
```
However, with the AD console and the same user, I can add users to groups without problems. Other applications connect to and modify the LDAP directory without problems. It also works on the command line with ldapmodify.
I found the solution.
The problem is related to a limitation in the LDAP server that only allows a limited set of attributes to be modified at a time.
Instead of modifying the entire entry, I create a new entry with the same DN and only the attributes I want to modify, then update the entry with this new entry.
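The approach described in the answer, written out as an added example (not the poster's code): a new `Entry` with the group's DN that carries only `member` is passed to `update()`. The function name `addUserToGroup` and its parameters are hypothetical, and the example assumes the group's full member list comes back in a single read.

```php
<?php
// Added example: addUserToGroup() and its parameters are hypothetical names.
use Symfony\Component\Ldap\Entry;
use Symfony\Component\Ldap\Exception\LdapException;
use Symfony\Component\Ldap\LdapInterface;

/**
 * Add the account identified by $matricule to the group at $groupDn,
 * sending only the 'member' attribute in the modify request.
 * Returns false when the account is already a member.
 */
function addUserToGroup(LdapInterface $ldap, string $baseDn, string $groupDn, string $matricule): bool
{
    // Escape the value before it goes into the search filter.
    $safe = $ldap->escape($matricule, '', LdapInterface::ESCAPE_FILTER);
    $users = $ldap->query($baseDn, "(&(objectClass=user)(sAMAccountName=$safe))")
        ->execute()->toArray();
    if (count($users) !== 1) {
        throw new LdapException('Expected exactly one account, found '.count($users));
    }
    $userDn = $users[0]->getDn();

    // Read only the attribute that will change, scoped to the group object itself.
    $groups = $ldap->query($groupDn, '(objectClass=group)', [
        'scope' => 'base',
        'filter' => ['member'],
    ])->execute()->toArray();
    if (count($groups) !== 1) {
        throw new LdapException('Group not found: '.$groupDn);
    }
    $members = $groups[0]->getAttribute('member') ?? [];

    // Already a member: nothing to write. DNs are compared case-insensitively.
    foreach ($members as $dn) {
        if (strcasecmp($dn, $userDn) === 0) {
            return false;
        }
    }
    $members[] = $userDn;

    // New entry with the same DN that holds only 'member': update() sends every
    // attribute the Entry carries, so nothing else is part of the request.
    $patch = new Entry($groupDn, ['member' => $members]);
    $ldap->getEntryManager()->update($patch);

    return true;
}
```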