8 bit characters in Active Directory

Once again, after discovering very little information from Microsoft about Active Directory over LDAP I was posed with a question on the adLDAP forums https://sourceforge.net/forum/?group_id=104193

And that was how to handle accented characters over LDAP. Running a standard ldap_modify() will cause a ‘Constraint violation’ error from the domain controller.

I finally discovered, after reading the RFC for LDAP that I need to encode the ‘offending’ characters as UTF-8.

I could have simply executed

$adldap->user_modify('AD.UserName', array('firstname'=>utf8_encode('Göran'));

but that would be too easy wouldn’t it. Seeing as my believe with libraries should be, you shouldn’t have to think about this, let us allow the library to do this work for us.

Whenever you modify or create attributes in adLDAP it passes the attributes array through a schema function so let’s process the array detecting 8 bit characters

array_walk($attributes, array($this, 'encode8bit'));

Then let us create the function encode8bit

protected function encode8bit(&$item, $key) {
        $encode = false;
        if (is_string($item) === true) {
            for ($i = 0; $i < strlen($item); $i++)
                // Detect the ordinal value of the character
                if (ord($item[$i]) >> 7) {
                    $encode = true;

        if ($encode === true) {
            $item = utf8_encode($item);   

Update WordPress was messing with the rendering of this function, I’ve now corrected it.

I’ve committed the code to the repository trunk and it’s now available to download directly from SVN

Leave a Reply