Using ext/ldap I'm trying to add entries to an Active Directory. As long as I only use one single structural objectClass everything works as expected, but as soon as I try to add an entry with a second auxiliary objectClass, the server reports an error:
Server is unwilling to perform; 00002040: SvcErr: DSID-030F0AA0, problem 5003 (WILL_NOT_PERFORM), data 0
The following code works:
    ldap_add($ldap, 'OU=Test,OU=Test,DC=domain,DC=example,DC=local', array(
        'ou' => 'Test',
        'objectClass' => 'organizationalUnit',
        'l' => 'location'
    ));
This doesn't:
    ldap_add($ldap, 'OU=Test,OU=Test,DC=domain,DC=example,DC=local', array(
        'ou' => 'Test',
        'associatedDomain' => 'domain',
        'objectClass' => array('organizationalUnit', 'domainRelatedObject'),
        'l' => 'location'
    ));
The same happens if I try to add an auxiliary objectClass to an existing entry:
    ldap_mod_add($ldap, 'OU=Test,OU=Test,DC=domain,DC=example,DC=local', array(
        'associatedDomain' => 'domain',
        'objectClass' => 'domainRelatedObject'
    ));
The corresponding error message is essentially the same:
Server is unwilling to perform; 00002040: SvcErr: DSID-030508F8, problem 5003 (WILL_NOT_PERFORM), data 0
As all other updating and adding operations work, I think the problem must be related to the objectClass attribute.
As I've not enough experience with Active Directories (I'm used to OpenLDAP):
Are there any known issues with objectClasses in Active Directory? Am I missing something here? Are there any restrictions that disallow adding e.g. domainRelatedObject to an organizationalUnit? What the heck's going on here ;-)?
Just in case you're wondering: the domainRelatedObject is present in the Active Directory schema.