PHP的警告：ldap_modify（）：修改：不允许操作RDN

Question

我有在Active Directory中修改的详细信息，下面的代码：

function updateActiveDirectory($user, $first, $last, $mail, $number, $title, $service, $team) 
{ 
$server = "DC-1"; 
$unit   = "OU=Staff,OU=Users,DC=rugby,DC=internal"; 
$ds    = ldap_connect($server); 
if(!$ds) 
{ 
     return "Cannot connect to LDAP server"; 
} 
$bind = ldap_bind($ds, "DOMAIN\Administrator", "PASSWORD"); 
if(!$bind) 
{ 
     return "Couldn't bind to LDAP server"; 
} 
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); 
$sr = ldap_search($ds, $unit, "(sAMAccountName={$user})"); 
$ent= ldap_get_entries($ds, $sr); 
$userdata = array(); 
$userdata["cn"][0]=$first. " ".$last; 
$userdata["sn"][0]=$last; 
$userdata["mail"][0]=$mail; 
$userdata["telephonenumber"][0]=$number; 
$userdata["company"][0]=$service; 
$userdata["department"][0]=$team; 
$userdata["title"][0]=$title; 
$name = $ent[0]["dn"]; 
ldap_modify($ds, $name, $userdata); 
} 

我得到警告：

ldap_modify （）：修改：RDN上不允许的操作

但我无法在网上找到关于此问题的任何信息。这里有什么问题？

Answer 1

您不能修改CN属性。该属性构成RDN。如果需要修改，应使用ldap_rename()功能：

$rdn = 'cn='.ldap_escape($first." ".$last, null, LDAP_ESCAPE_DN); 
ldap_rename($ds, $ent[0]["dn"], $rdn, null, true);