我正在尝试将用户添加到Windows Active Directory。我正在使用xampp。这将是一个本地页面,仅限于两台机器,因此我并不过分关注安全性。我可以使用php脚本将用户添加到Active Directory,但前提是UserAccountControl设置为544.(名义帐户并且不需要pw)。如果我尝试添加UserControlAccount 512的用户,我会收到错误:ldap_add():添加:服务器不愿意执行。通过研究我知道这很可能是密码问题。我已尝试过如何设置密码的几种变体。包括以下帖子中的代码:
ldap_mod_replace() [function.ldap-mod-replace]: Modify: Server is unwilling to perform
ldap_add(): Add: Server is unwilling to perform
Server is unwilling to perform. LDAP in PHP
我检查了域控制器并关闭了复杂的密码,密码历史记录和其他与密码相关的策略。我已经确定LDAP绑定使用的是ldaps而不是ldap,但仍然没有运气。代码如下所示,任何人都能看到我在这里看到的东西吗?
<?php
set_time_limit(0);
$student_ldap = "ldaps://192.168.1.1";
$ldap_port = 636;
$student_ldap_dn = "DC=MyDomain,DC=local";
$student_base_dn = "DC=MyDomain,DC=local";
$student_ldap_usr_dom = "@MyDomain.local";
$student_user = "TestUser";
$student_user_pw = "TestPW";
require_once('connect.php');
$flag = true;
$msg;
$ldapRecord = array();
/* some other unrelated stuff */
if ($flag){
$qry = 'SELECT * FROM cst_CSVexport ';
$select = odbc_prepare($conn,$qry);
if (odbc_execute($select,array())){
if (odbc_num_rows($select)>0){
while (odbc_fetch_row($select)){
$first_name = odbc_result($select,'FirstName');
$last_name = odbc_result($select,'LastName');
$stuNum = odbc_result($select,'StuNum');
$ssn = odbc_result($select,'ssn');
$pw = $first_name[0].$last_name[0].trim($ssn).trim($stuNum).'!';
/*
begin Password encode attempt from:
https://stackoverflow.com/questions/10763070/ldap-mod-replace-function-ldap-mod-replace-modify-server-is-unwilling-to-p
*/
$len = strlen($pw);
$newPW = '"'.$pw.'"';
$len = strlen($newPW);
$newPassword = '';
for ($i=0;$i<$len;$i++){
$newPassword .= "{$newPW{$i}}\000";
}
$username = $first_name[0].odbc_result($select,'LastName').odbc_result($select,'StuNum');
echo 'username: '.$username.'<br/>Password: '.$newPassword.'<br/>';
$ldapRecord['cn'] = $first_name.' '.$last_name;
$ldapRecord['givenName'] = $first_name;
$ldapRecord['sn'] = $last_name;
$ldapRecord['sAMAccountName'] = $username;
$ldapRecord['UserPrincipalName'] = $username.'@MyDomain.local';
$ldapRecord['displayName'] = $first_name.' '.$last_name;
$ldapRecord['name'] = $first_name.' '.$last_name;
$ldapRecord['description'] = $stuNum;
$ldapRecord['UserAccountControl'] = "512";
$ldaprecord['unicodepwd'] = $newPassword;
$ldapRecord['objectclass'][0] = 'top';
$ldapRecord['objectclass'][1] = 'person';
$ldapRecord['objectclass'][2] = 'organizationalPerson';
$ldapRecord['objectclass'][3] = 'user';
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
if(ldap_connect($student_ldap,$ldap_port)){
$brstudent_ldap = ldap_connect($student_ldap,$ldap_port);
if(ldap_set_option($brstudent_ldap, LDAP_OPT_PROTOCOL_VERSION,3)){
if(ldap_set_option($brstudent_ldap, LDAP_OPT_REFERRALS,0)){
if(ldap_bind($brstudent_ldap, $student_user . $student_ldap_usr_dom, $student_user_pw)){
$dn = 'CN='.$ldapRecord['cn'].',OU=students,DC=MyDomain,DC=local';
if (ldap_add($brstudent_ldap,$dn,$ldapRecord)){
echo "User Added: ".$ldapRecord['cn']."<br/><br/>";
} else {
echo "User unsuccessful: ".$ldapRecord['cn']."<br/><br/>";
$flag = false;
$msg = 'User not added Sucessfully.';
}
} else {
$flag = false;
$msg = 'LDAP bind failed';
}
} else {
$flag = false;
$msg = 'set option referrals failed.';
}
} else {
$flag = false;
$msg = 'set option version failed.';
}
} else {
$flag = false;
$msg = 'LDAP connect failed.';
}
}
} else {
$flag = false;
$msg = 'Select Query returned no results.';
}
} else {
$flag = false;
$msg = 'Student Query failed.';
}
}
if ($flag){
echo '<br/><br/>Accounts created successfully!';
} else {
echo '<br/><br/>Account creation failed! <br/> Error: '.$msg;
}
?>