Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How do I modify a Boolean LDAP Active Directory attribute using Net::LDAP?

I can successfully bind to AD LDAP, and modify and create objects.

However, if I want to update or set an attribute of type 'Boolean', then I get this error:

00000057: LdapErr: DSID-0C090C3E, comment: Error in attribute conversion operation, data 0, v1db1

Here is a piece of the Perl code responsible:

$rv = $ldap->add($dn, attr=> [
    cn => [$u],
    objectClass => [ 'top','person', 'organizationalPerson', 'contact' ],
    displayName => "$u Mailing List",
    mail => $email,
    name => $u,
    mailNickname => $local,
    proxyAddresses => [
        "SMTP:$email",
        "smtp:$local\@$SERVERDOM",
    ],
    givenName => $u,
    targetAddress => "SMTP:$email",
    internetEncoding => 1310720,
    msExchAddressBookFlags => 1,
    msExchModerationFlags => 6,
    msExchProvisioningFlags => 0,
        msExchHideFromAddressList => 'TRUE',
        msExchBypassAudit => 'FALSE',
        msExchMailboxAuditEnable => 'FALSE',

]);

The problem is the three last attributes; if they are commented out, then it works. I have tried using 0 and 1 instead of 'TRUE' and 'FALSE' but I get the same issue. It seems that the Net::LDAP code calls Convert::ASN1 with a type of string or int which is incorrect; it should be using 'boolean', but I cannot see how to make it do this.

like image 483
Steve Shipway Avatar asked Nov 06 '14 01:11

Steve Shipway


1 Answers

According to the LDAP specification; string values of "TRUE", "True", "true", etc are all valid.

Unknown attributes, or attributes not available to that user will throw 'Error in attribute conversion operation' errors.

Looking at the attributes and googling them shows that msExchHideFromAddressList should be msExchHideFromAddressLists <- note the plural s.

like image 67
harvey Avatar answered Oct 19 '22 17:10

harvey