I am trying to create a PHP script which will be run via a Linux (Debian) CLI using PHP 7.4. This script is trying to add a user in Active Directory to a group, and that part works.
```php
<?php
$ldaphost = 'ldaps://domain.uk';
$ldapport = 636;

// Tells libldap not to verify the server's TLS certificate.
putenv('LDAPTLS_REQCERT=never');

$ds = ldap_connect($ldaphost, $ldapport) or die("Could not connect to $ldaphost");
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

if ($ds) {
    // Bind as the account that will change the group.
    $username = "cn=user1,ou=test,dc=domain,dc=uk";
    $upasswd = "XXXXXXX";
    $ldapbind = ldap_bind($ds, $username, $upasswd);

    $groupDN = 'cn=temp-access,ou=test,dc=domain,dc=uk';
    $userDN = 'cn=user1,ou=test,dc=domain,dc=uk';

    // Set the group's member attribute to the user DN.
    $entry = ['member' => $userDN];
    ldap_modify($ds, $groupDN, $entry);
}
```
What I actually need the script to do is also set the TTL on the groupDN to support temporary group membership. However, when setting the $groupDN variable to the following string I get an error.

```php
$groupDN = '<ttl=1866,cn=temp-access,ou=test,dc=domain,dc=uk>';
```

```
PHP Warning: ldap_modify(): Modify: Invalid DN syntax
```

According to the following post, it is possible to achieve this in Python: Add User To an Active Directory Group temporarily in Python
Any advice would be greatly appreciated.
The TTL needs to be set on the userDN and not the groupDN.

```php
$userDN = '<ttl=1866,cn=user1,ou=test,dc=domain,dc=uk>';
```
Thank you, @grawity_u1686.
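
The fix above as a complete PHP 7.4 CLI script (an added example, not the poster's code): it wraps the user DN in the TTL form, appends it with ldap_mod_add() so existing members are kept, and leaves certificate validation on. The CA file path and the LDAP_BIND_PW environment variable are assumptions; the host and DNs are the ones from the question.

```php
<?php
// Added example, not from the original post. The CA path and LDAP_BIND_PW
// are assumptions; host and DNs are taken from the question.
declare(strict_types=1);

/** Build the member value "<ttl=seconds,userDN>" for temporary membership. */
function ttlMemberValue(string $userDN, int $ttlSeconds): string
{
    if ($ttlSeconds < 1) {
        throw new InvalidArgumentException('TTL must be a positive number of seconds');
    }
    // The wrapper is delimited by '<' and '>'; refuse DNs that contain them.
    if ($userDN === '' || strpbrk($userDN, '<>') !== false) {
        throw new InvalidArgumentException('Unexpected characters in user DN');
    }
    return sprintf('<ttl=%d,%s>', $ttlSeconds, $userDN);
}

/** Append one TTL-limited member to the group without touching other members. */
function addTemporaryMember($ds, string $groupDN, string $userDN, int $ttl): void
{
    // ldap_mod_add() appends a value; ldap_modify() replaces the attribute.
    $entry = ['member' => [ttlMemberValue($userDN, $ttl)]];
    if (!@ldap_mod_add($ds, $groupDN, $entry)) {
        throw new RuntimeException('Adding member failed: ' . ldap_error($ds));
    }
}

// Verify the server certificate instead of setting LDAPTLS_REQCERT=never.
ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, '/etc/ssl/certs/example-ad-ca.pem');
ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

$ds = ldap_connect('ldaps://domain.uk');
if ($ds === false) {
    fwrite(STDERR, "Invalid LDAP URI\n");
    exit(1);
}
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

// An empty password would turn the bind into an unauthenticated one, so reject it.
$password = getenv('LDAP_BIND_PW');
$bindDN = 'cn=user1,ou=test,dc=domain,dc=uk';
if ($password === false || $password === '' || !@ldap_bind($ds, $bindDN, $password)) {
    fwrite(STDERR, "Bind failed\n");
    exit(1);
}

addTemporaryMember($ds, 'cn=temp-access,ou=test,dc=domain,dc=uk', $bindDN, 1866);
ldap_unbind($ds);
```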