Thanks to visit codestin.com
Credit goes to github.com

Skip to content

[LDAP] Update throws "Constraint violation" #21328

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
estahn opened this issue Jan 18, 2017 · 14 comments
Closed

[LDAP] Update throws "Constraint violation" #21328

estahn opened this issue Jan 18, 2017 · 14 comments
Labels
Bug Ldap Status: Needs Review Status: Waiting feedback Unconfirmed

Comments

@estahn
Copy link

estahn commented Jan 18, 2017
edited
Loading

Q A
Bug report? yes
Feature request? no
BC Break report? no
RFC? no
Symfony version 3.2.2

When fetching an entry from the ActiveDirectory server and then immediately saving it again, we see the following error:

[Symfony\Component\Ldap\Exception\LdapException]
  Could not update entry "CN=User1234,OU=Foo,OU=Users,OU=org,DC=corp,DC=domain,DC=com": Constraint violation

If using only certain attributes, e.g.

ldap_modify($this->ldap->getEntryManager()->connection->getResource(), $person->getId(), ['givenName' => 'Foo1']);

It will succeed.

So pushing the entire LDAP entry to be updated is not working or will not always work.
@xabbuh
Copy link
Member

xabbuh commented Mar 5, 2017

@csarrazi Can you have a look here?

@csarrazi
Copy link
Contributor

csarrazi commented Mar 5, 2017

@estahn can you try adding the 'debug' => true option in your service, in order to have more information?

This is probably a limitation due to your LDAP server only letting you edit a limited set of attributes. It is not a bug from the component, but rather a limitation due to server configuration.

This should be fixed once a better implementation of #21856 will be implemented (I suggested an implementation in the related PR).

@xabbuh
Copy link
Member

xabbuh commented Apr 14, 2017

@estahn Can you please give feedback on @csarrazi's comment?

@javiereguiluz
Copy link
Member

@estahn did you manage to try the solution proposed by @csarrazi? Thanks!

@xabbuh
Copy link
Member

xabbuh commented May 12, 2017

ping @estahn :)

@estahn
Copy link
Author

estahn commented May 15, 2017

Sorry for the late response. I will have a look this week.

@xabbuh
Copy link
Member

xabbuh commented Jul 17, 2017

Closing for now due to the lack of a reproducer. Please leave a comment with more information and we can consider to reopen.

@xabbuh xabbuh closed this as completed Jul 17, 2017
@Sonny333Black
Copy link

update dosen't work. I have the same Error (Constraint violation).

updating the entry with mod_replace works with following code:

if (!@ldap_mod_replace($con, $dn, $data)) { throw new LdapException(sprintf('Could not modify entry "%s": %s', $dn, ldap_error($con))); }

@xabbuh
Copy link
Member

xabbuh commented Sep 11, 2017

@Sonny333Black Are you able to provide a small reproducer?

@Sonny333Black
Copy link

@xabbuh because by some attributes I don't have the premission
to update. I need a methode in the entry-manager that updating a single attribute like a mod_replace.

@vittore
Copy link

vittore commented Feb 5, 2020

@xabbuh because by some attributes I don't have the premission
to update. I need a methode in the entry-manager that updating a single attribute like a mod_replace.

+1

@xabbuh
Copy link
Member

xabbuh commented Feb 5, 2020

@vittore see #21328 (comment)

@vittore
Copy link

vittore commented Feb 5, 2020

Using Microsoft Active Directory.

Not working example :

$search = $ldap->query($ldap_base_dn, $query); // A generic query
$result = $query->execute();
$entry = $result[0];
$entry->setAttribute('mail', ['[email protected]']);
$entryManager = $ldap->getEntryManager();
$entryManager->update($entry);  // Throws "Constraint violation" exception

Working example:

$search = $ldap->query($ldap_base_dn, $query); // A generic query
$result = $query->execute();
$entry = $result[0];
$entryManager = $ldap->getEntryManager();
$entry2 = new Entry($entry->getDn(), ['mail' =>'[email protected]']);
$entryManager->update($entry2);   // Successfully update

@csarrazi
Copy link
Contributor

To give some feedback on this, the original intent for the component was to implement a change manager for the LDAP entries. E.g. being able to do entry->replaceAttribute($attr, $val) or entry->addAttribute($attr, $val) (difference between single-valued and multi-valued attributes), and have the entry object provide its own changes to the EntryManager.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug Ldap Status: Needs Review Status: Waiting feedback Unconfirmed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@javiereguiluz @vittore @estahn @csarrazi @xabbuh @carsonbot @Sonny333Black