I ran into a rather annoying issue when trying to add a user to a usergroup in Active Directory.
Active Directory tends to not be particularly happy when you try modifying the "memberOf" attribute (through ldap_mod_add/ldap_mod_replace), and will output a warning/error somewhere along the lines of:
Warning: ldap_mod_add(): Modify: Server is unwilling to perform in ...
If you want to add a user to a usergroup, you need to add the user as a member of the group, rather than adding to the memberOf attribute of the group:
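<?php
// $ldapconn must be a connected and bound LDAP link; it is passed in because it is not in scope inside the function.
function ldap_addToGroup($ldapconn, $username, $group) {
    // Escape the names so DN special characters in them cannot change the DN.
    $dn = "CN=" . ldap_escape($group, "", LDAP_ESCAPE_DN) . ",OU=Accounts,DC=DC1,DC=DC2";
    $info["member"] = "CN=" . ldap_escape($username, "", LDAP_ESCAPE_DN) . ",OU=Accounts,DC=DC1,DC=DC2";
    // ldap_mod_add() appends the value; ldap_modify() would replace the group's existing member list.
    return ldap_mod_add($ldapconn, $dn, $info);
}
?>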
Hope this helps someone.