ldap_modify_batch(): Batch Modify: Server is unwilling to perform

[lucassmacedo]

• Laravel Version: 5.6
• Adldap2-Laravel Version: ^4.0
• PHP Version: 7.2
• LDAP Type: ActiveDirectory

Description:

Hello guys, i try add a password and active the user, but i have this error.

when i try change useraccountcontrol or password ldap_modify_batch(): Batch Modify: Server is unwilling to perform

Steps To Reproduce:

$user = Adldap::search()->users()->where('samaccountname', '=', 'lucas.teste')->firstOrFail();
$user->setAttribute('useraccountcontrol', '512')

// or $user->useraccountcontrol = '512'; $user->update(); Please need help..

[stevebauman]

Hi @lucassmacedo,

Did you configure an account that has permissions to modify this user in your adldap.php file?

Also, passwords can only be modified if you have a TLS or SSL connection, do you have this enabled as well?

Unfortunately when an LDAP server returns this exception, it's difficult to debug since it could be a variety of issues.

[lucassmacedo]

@stevebauman i have SSL on my APP, this is? i think my user has permissions to modifiy passwords.. i will check.

[stevebauman]

Closing due to inactivity.

If you're still experiencing this issue, please comment back and I will re-open.

[lucassmacedo]

@stevebauman i still with this problem.. please help.

[rcastardo]

@lucassmacedo use hexadecimal code $user->setUserAccountControl(0x0200) to enable

[stevebauman]

Hi @lucassmacedo, sorry I didn't re-open this when you were still having issues.

Try @rcastardo's suggestion. If that doesn't work, try:

$user = Adldap::search()->users()->where('samaccountname', '=', 'lucas.teste')->firstOrFail();

$user->setUserAccountControl(512);

$user->save();

You mention that you tried to add a password then activate the user? Did you set the password of the user first before activating via account control? For example:

$user = Adldap::search()->users()->where('samaccountname', '=', 'lucas.teste')->firstOrFail();

$user->setPassword('Super-Secret-Password')->save();

$user->setAccountControl(512)->save();

The above example should work, as the account must contain a password prior to enabling the user. Otherwise the server will reject the request.

Give the above examples a try and let me know if you encounter issues and I'll re-open again.

Thanks!

[stuntguy3000]

Hi @stevebauman

Sorry to hijack this issue. I'm having the exact same problem as OP. Admin account is AD's administrator account.

'port' => env('ADLDAP_PORT', 636),
'use_ssl' => env('ADLDAP_USE_SSL', true),
'use_tls' => env('ADLDAP_USE_TLS', false),
'custom_options' => [
    LDAP_OPT_PROTOCOL_VERSION => 3,
    LDAP_OPT_X_TLS_REQUIRE_CERT => LDAP_OPT_X_TLS_NEVER
],

Upon trying your suggestions above I receive a ldap_modify_batch(): Batch Modify: Server is unwilling to perform and cannot bypass this.

Thanks!

[stuntguy3000]

@lucassmacedo were you able to solve this?

[lucassmacedo]

@stuntguy3000 No. I Still the same error. =(

[stuntguy3000]

Oh boo!

Well I pretty much have to get this fixed so lets hope we can find a resolution.

On Thu, 24 Jan 2019 at 20:38, Lucas Macedo [email protected] wrote:

@stuntguy3000 https://github.com/stuntguy3000 No. I Still the same error. =(

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/Adldap2/Adldap2-Laravel/issues/527#issuecomment-457140777, or mute the thread https://github.com/notifications/unsubscribe-auth/ABc61ekF6akTigaHYnZtgVXUHAsCZTLEks5vGYYTgaJpZM4TbwY5 .

[lucassmacedo]

Yes! I have try everything but have no success =(

[stuntguy3000]

@lucassmacedo @stevebauman Could this issue be re-opened and investigated further? To me it genuinely feels like a limitation with AD.

[stuntguy3000]

I am no longer in a position to troubleshoot this as I have had to resort to a Python script to get this web app to work.