The behaviour of OpenLDAP from 1.x to 2.x changed; in 1.x, when you passed ldap_modify the array, if the value was empty that attribute would be deleted. In 2.x, you get an "Invalid Syntax" error and the modify fails.
This requires the ldap_mod_del function; unfortunately, that operation requires the attribute to be deleted to have its *old* value specified -- as you can imagine, if you're taking input from a CGI form, the attribute to be deleted's value is now missing (i.e., the user blanked out that textbox in the form and clicked Submit).
So, you're in a bit of a conundrum -- you want to delete "empty" form values, but you need their old value to delete them. There are many ways to handle this, but I chose this approach:
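<?php
$entry = array();   // attributes to set to a new value
$delval = array();  // names of attributes the user blanked out
if ($o != "") { $entry["o"] = "$o"; } else { $delval[] = "o"; }
if ($title != "") { $entry["title"] = "$title"; } else { $delval[] = "title"; }
if (@ldap_modify($ldap, $dn, $entry)) {
    $findel = array();
    // Only look up old values when something was blanked: with an empty
    // attribute list ldap_search returns every attribute of the entry.
    if (count($delval) > 0) {
        // Escape form input before it goes into the filter (ldap_escape, PHP 5.6+).
        $filter = sprintf("(&(uid=%s)(sn=%s))",
            ldap_escape($uid, "", LDAP_ESCAPE_FILTER),
            ldap_escape($sn, "", LDAP_ESCAPE_FILTER));
        $sres = ldap_search($ldap, $BASEDN, $filter, $delval);
        $delent = $sres ? ldap_first_entry($ldap, $sres) : false;
        $delarr = $delent ? ldap_get_attributes($ldap, $delent) : array("count" => 0);
        // Collect the current value(s) of each blanked attribute.
        for ($i = 0; $i < $delarr["count"]; $i++) {
            $attr = $delarr[$i];
            $totl = $delarr[$attr]["count"];
            for ($z = 0; $z < $totl; $z++) {
                if ($totl == 1) {   // comparison; the original assigned with "="
                    $findel[$attr] = $delarr[$attr][$z];
                } else {
                    $findel[$attr][$z] = $delarr[$attr][$z];
                }
            }
        }
    }
    // Nothing to delete counts as success.
    if (count($findel) == 0 || @ldap_mod_del($ldap, $dn, $findel)) {
        print("<H3>Modified Entry!</H3>\n");
        print("<BR>\n");
    } else {
        $error = htmlspecialchars(ldap_error($ldap));
        print("<H3>Attribute Delete Failed!</H3>\n");
        print("<BR>\n($error)\n");
    }
} else {
    $error = htmlspecialchars(ldap_error($ldap));
    print("<H3>Modify Failed!</H3>\n");
    print("<BR>\n($error)\n");
}
?>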
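An alternative to the modify, search, then delete sequence above, as an added example that is not part of the original note: PHP's ldap_modify_batch() accepts an LDAP_MODIFY_BATCH_REMOVE_ALL modification that names no values, so replacements and removals reach the server in one request and no filter is built from form input. It assumes the ldap extension (PHP 5.4 or later), a bound connection in $ldap and the entry's DN in $dn; build_batch_mods(), $allowed and the sample $fields are hypothetical names.

```php
<?php
/**
 * Turn form fields into an ldap_modify_batch() modification list:
 * non-empty fields are replaced, blank fields are removed outright.
 * $allowed is a hypothetical allow-list of attributes the form may edit.
 */
function build_batch_mods(array $fields, array $allowed): array
{
    $mods = [];
    foreach ($fields as $attr => $value) {
        if (!in_array($attr, $allowed, true)) {
            continue; // ignore attributes the form is not allowed to touch
        }
        if ((string) $value !== '') {
            $mods[] = [
                'attrib'  => $attr,
                'modtype' => LDAP_MODIFY_BATCH_REPLACE,
                'values'  => [(string) $value],
            ];
        } else {
            // REMOVE_ALL takes no 'values' key: the old value is not needed.
            $mods[] = [
                'attrib'  => $attr,
                'modtype' => LDAP_MODIFY_BATCH_REMOVE_ALL,
            ];
        }
    }
    return $mods;
}

// Constructed sample input: "o" kept, "title" blanked, "userPassword" not allowed.
$fields = ['o' => 'Example Org', 'title' => '', 'userPassword' => 'x'];
$mods = build_batch_mods($fields, ['o', 'title']);

// $ldap and $dn are assumed: a bound connection and the DN of the entry to edit.
if (isset($ldap, $dn) && $mods !== []) {
    if (ldap_modify_batch($ldap, $dn, $mods)) {
        print("<H3>Modified Entry!</H3>\n");
    } else {
        // The request is atomic: removing an attribute the entry does not
        // have makes the server reject the whole batch.
        $error = htmlspecialchars(ldap_error($ldap));
        print("<H3>Modify Failed!</H3>\n<BR>\n($error)\n");
    }
}
```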