From: Chris Knipe > I've found various sources and are successfully manipulating Active > Directory from PHP on our Domain Controller - frankly, things works much > better than I expected :) > > I have now reached the point where I need to set permissions on objects in > Active Directory, i.e. to restrict read permissions to certain OUs and > objects within the directory (mainly related to Exchange stuff). > > Is there anything in PHP which can be used to set permissions on AD > objects? I haven't found any reference to doing this anywhere, so I thought > I'd give it a chance here... If not, then I suppose I'll have to code some > ..NET application to act as a gateway between the PHP interface and Active > Directory, but naturally I would like to do as much as possible from within > PHP itself. I don't know about your IT group, but around here and at any of our clients, they will never allow anyone outside their office modify access rights, or add users. It takes a written request by a manager or above to get them to make any changes, and each request must include the reasons for the change. No we cannot use the master LDAP server for testing. We have a couple of OpenLDAP servers isolated on our test networks for that. But even those have to be managed directly. No application is allowed to do more than retrieve data. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
