Adding user via PHP:LDAP

I have this code:

function makeUser() {
    $info['cn'] = "Test User";
    $info['sn'] = "User";
    $info['mail'] = "test@localhost";
    $info['objectclass'][0] = "Person";
    $info['objectclass'][1] = "User";

    $info['userpassword'] = "{MD5}".base64_encode(pack("H*",md5('Password1!')));
    $info['useraccountcontrol'] = 512;

    var_dump(ldap_add($this->connection, "CN=Test User,OU=Users,DC=domain,DC=local", $info));
}

Which gives me this error:

Warning: ldap_add() [function.ldap-add]: Add: Server is unwilling to perform

When I leave out the $info['useraccountcontrol'] = 512; part, it adds the account, but it is disabled.

I get this from the logging on both servers:

Internal event: The LDAP server returned an error.

Additional Data Error value: 0000052D: SvcErr: DSID-031A11E5, problem 5003 (WILL_NOT_PERFORM), data 0

I work on:

  • Windows Server 2008 Active Directory (not R2) & Windows Server 2003
  • PHP 5.3.5
  • Normal LDAP connection, not LDAPS, since I've given up on trying to get that to work.

How can I get it like so, that the user is not disabled and does not have to change password when first logging in?


I had this problem too (even connecting over LDAPS). When I did it in three steps (first add the account, then set the password, then enable the account), it worked.

It may be that you can combine the first two or last two steps, but I didn't test this.


As far as Active Directory is concerned, the password is not in 'userpassword' but in 'unicodePwd'; you've got an example in this other Stack Overflow question. And I think that you need to use LDAPS.
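
The three steps from the first answer combined with the unicodePwd attribute and LDAPS from the second, as an added example that is not part of either post. The host name, the environment variable names and the sAMAccountName value are assumptions; the DN is the one from the question.

```php
<?php
// Added example, not code from the original posts.
// AD takes the password in unicodePwd: the plain text wrapped in double
// quotes and encoded as UTF-16LE. AD only accepts writes to this attribute
// over an encrypted connection, hence ldaps:// below.
function adPasswordValue($plain) {
    return iconv('UTF-8', 'UTF-16LE', '"' . $plain . '"');
}

// Turn a failed LDAP call into an exception that names the step.
function ldapStep($ok, $conn, $step) {
    if (!$ok) {
        throw new RuntimeException($step . ' failed: ' . ldap_error($conn));
    }
}

function createEnabledUser($conn, $dn, array $attrs, $password) {
    // Step 1: add the entry with no password and no userAccountControl.
    // AD creates it disabled.
    ldapStep(ldap_add($conn, $dn, $attrs), $conn, 'add');

    // Step 2: set the password.
    $pwd = array('unicodePwd' => adPasswordValue($password));
    ldapStep(ldap_mod_replace($conn, $dn, $pwd), $conn, 'set password');

    // Step 3: enable the account (512 = NORMAL_ACCOUNT). Sending 512 in
    // step 1 is what returned 0000052D (ERROR_PASSWORD_RESTRICTION):
    // the account had no password satisfying the domain policy yet.
    $uac = array('userAccountControl' => '512');
    ldapStep(ldap_mod_replace($conn, $dn, $uac), $conn, 'enable');
}

$conn = ldap_connect('ldaps://dc.domain.local');      // assumed host name
ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
// Credentials come from the environment (assumed variable names).
$bound = ldap_bind($conn, getenv('AD_BIND_DN'), getenv('AD_BIND_PW'));
ldapStep($bound, $conn, 'bind');

$attrs = array(
    'cn'             => 'Test User',
    'sn'             => 'User',
    'mail'           => 'test@localhost',
    'sAMAccountName' => 'testuser',                   // constructed value
    'objectClass'    => array('top', 'person', 'organizationalPerson', 'user'),
);
$dn = 'CN=Test User,OU=Users,DC=domain,DC=local';
createEnabledUser($conn, $dn, $attrs, getenv('NEW_USER_PW'));
```

The array() syntax is used so the code also runs on the PHP 5.3 mentioned in the question.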
