ldap_mod_replace returns true but the password does not change

Time: 2015-09-24 11:16:41

Tags: php ldap

I want to change the password of an LDAP directory user using PHP.

After binding to LDAP, I look up the DN of the desired user by sAMAccountName and retrieve the DN:

    // $lh is the already-bound LDAP connection and $personnel_base the search base (set earlier)
    $filter = "(samaccountname=desiredname.desiredname)";

    $result = ldap_search($lh, $personnel_base, $filter) or die(ldap_error($lh));
    //$data = ldap_get_entries($lh, $result);
    $entry = ldap_first_entry($lh, $result);
    $attribute = ldap_get_attributes($lh, $entry);
    $dn = ldap_get_dn($lh, $entry); // the DN that is passed to the modify below

Then I change the password using ldap_mod_replace:

    $newpass = "Cevadetest123#!";

    // write an {MD5}-hashed value into the userpassword attribute
    ldap_mod_replace($lh, $dn, array('userpassword' => "{MD5}".base64_encode(pack("H*", md5($newpass))))) or die(ldap_error($lh));

    echo "Password changed!";

Although it prints Password changed!, the password stays the same.

Any suggestions?

Edit: I just noticed that the userpassword attribute does change, but to log in via LDAP I still have to use the old password! What is going on here?

1 answer:

Answer 0: (score: 2)

I found the answer. First, the field I have to change is unicodePwd, which cannot be read, only modified. To write to this field you must first establish a secure connection to LDAP, so the hostname becomes: ldaps://hostname.something.local

The next important step is to encrypt the password before writing it to the field:

    $newpassword = "HelloWorld123";
    $newpassword = "\"" . $newpassword . "\"";   // AD expects the value wrapped in double quotes
    $newPass = mb_convert_encoding($newpassword, 'UTF-16LE', 'UTF-8');

You can find the full code here

In case the link breaks, I am simply pasting it below:

    ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
    $ldapconn = ldap_connect('ldaps://127.0.0.1', 636);
    ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
    $ldapuser = "ldapuser";
    $ldappwd  = "*****";
    // the four values below are assumed to come from the submitted password-change form
    $username     = $_POST['username'] ?? '';
    $oldpassword  = $_POST['oldpassword'] ?? '';
    $newpassword  = $_POST['newpassword'] ?? '';
    $newpassword2 = $_POST['newpassword2'] ?? '';

    // bind as the service account and search for the user
    ldap_bind($ldapconn, "CN=$ldapuser,CN=Users,DC=my,DC=company,DC=example", $ldappwd);

    // escape the user-supplied name so it cannot alter the search filter
    $filter = "sAMAccountName=" . ldap_escape($username, '', LDAP_ESCAPE_FILTER);
    $res_id = ldap_search($ldapconn, "CN=Users,DC=my,DC=company,DC=example", $filter);
    if ($res_id) {
        $entry_id = ldap_first_entry($ldapconn, $res_id);
        if ($entry_id) {
            $user_dn = ldap_get_dn($ldapconn, $entry_id);
            if ($user_dn) {
                // check whether the old password allows a successful login
                $ldapbind = ldap_bind($ldapconn, $user_dn, $oldpassword);
                if ($ldapbind) {
                    if (strcmp($newpassword, $newpassword2) == 0) {

                        // create the unicode password: quoted, then UTF-16LE encoded
                        $newpassword = "\"" . $newpassword . "\"";
                        $newPass = mb_convert_encoding($newpassword, "UTF-16LE", "UTF-8");

                        // rebind as admin to change the password
                        ldap_bind($ldapconn, "CN=$ldapuser,CN=Users,DC=my,DC=company,DC=example", $ldappwd);

                        $pwdarr = array('unicodePwd' => $newPass);
                        if (ldap_mod_replace($ldapconn, $user_dn, $pwdarr)) {
                            print "<p class='success'>Change password succeeded.</p>\n";
                        } else {
                            print "<p class='error'>Change password failed.</p>\n";
                        }
                    } else {
                        print "<p class='error'>New password must be entered the same way twice.</p>\n";
                    }
                } else {
                    print "<p class='error'>Wrong user name or password.</p>\n";
                }
            } else {
                print "<p class='error'>Couldn't load user data.</p>\n";
            }
        } else {
            print "<p class='error'>Couldn't find user data.</p>\n";
        }
    } else {
        print "<p class='error'>Username was not found.</p>\n";
    }
    if (ldap_error($ldapconn) != "Success") {
        print "<p class='error'>LDAP Error:<br />\n";
        var_dump(ldap_error($ldapconn));
        print "</p>\n";
    }
    @ldap_close($ldapconn);
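The unicodePwd mechanics described in the answer, as an added example that is not part of the original question or answer and goes one step further: besides the administrative reset shown above (bind as a privileged account, replace unicodePwd), it also shows the user-initiated change, which Active Directory requires as a delete of the old value plus an add of the new value inside a single modify. The host and the DNs are placeholders.

```php
<?php
// Added example. Assumes an AD domain controller reachable over LDAPS and
// placeholder DNs; nothing here is from the original post.

// AD expects unicodePwd as the password wrapped in double quotes, UTF-16LE encoded.
function encodeUnicodePwd(string $password): string
{
    return mb_convert_encoding('"' . $password . '"', 'UTF-16LE', 'UTF-8');
}

// Open an LDAPS connection (AD refuses unicodePwd writes over plaintext LDAP) and
// demand a valid server certificate, since admin credentials travel over this channel.
function connectLdaps(string $host)
{
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
    $conn = ldap_connect("ldaps://$host:636");
    if ($conn === false) {
        throw new RuntimeException("invalid LDAP URI for $host");
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    return $conn;
}

// Administrative reset: a privileged bind replaces unicodePwd outright.
// No old password is needed; AD applies complexity rules but not history/minimum-age checks.
function resetPassword($conn, string $adminDn, string $adminPw, string $userDn, string $new): bool
{
    if (!ldap_bind($conn, $adminDn, $adminPw)) {
        return false;
    }
    return ldap_mod_replace($conn, $userDn, ['unicodePwd' => encodeUnicodePwd($new)]);
}

// Self-service change: bind as the user, then remove(old) + add(new) in ONE modify.
// AD verifies the old value and enforces the full password policy on this path.
function changeOwnPassword($conn, string $userDn, string $old, string $new): bool
{
    if (!ldap_bind($conn, $userDn, $old)) {
        return false;
    }
    return ldap_modify_batch($conn, $userDn, [
        ['attrib' => 'unicodePwd', 'modtype' => LDAP_MODIFY_BATCH_REMOVE, 'values' => [encodeUnicodePwd($old)]],
        ['attrib' => 'unicodePwd', 'modtype' => LDAP_MODIFY_BATCH_ADD,    'values' => [encodeUnicodePwd($new)]],
    ]);
}

// Usage (placeholder values): $c = connectLdaps('dc01.example.local');
// changeOwnPassword($c, 'CN=jdoe,CN=Users,DC=example,DC=local', 'OldPass1!', 'NewPass2!');
```

On failure, ldap_error($conn) and ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $msg) carry the AD reason (for example a policy violation), which is what distinguishes a rejected password from a transport or permission problem.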