以下是我修改自己密码的用户代码。这种形式完美无瑕。现在的问题是,我希望用户能够更改他们的电子邮件,电话,甚至他们的名字。我使用管理员帐户,因此它有权搜索LDAP中的所有人并检索有关每个人的所有信息。现在的问题是我不希望用户插入重复项,所以如果有一个人已经在LDAP中存在电子邮件bobizumi@stackoverflow.com,那么用户就不应该被允许输入这封电子邮件。名称和电子邮件也是如此。我不知道如何搜索重复项,我假设它使用ldap_search和ldap_get_entries但我不熟悉使用LDAP编程,所以我需要一些编程帮助来解决这个问题。如果我可以看到一个例子,或者有人可以向我展示一个例子,可能会阻止名称重复和ldap搜索管理员权限,那么我可以继续从那里继续自己做其余的但我只是坚持代码部分而不是逻辑。关于ldap的文档以及它与PHP或任何代码片段的集成和功能,我找不到太多的例子,所以我很难尝试PHP手册。
PHP:
function changePassword($server,$dn,$user,$oldPassword,$newPassword,$newPasswordCnf){
global $message;
error_reporting(0);
$con=ldap_connect($server);
ldap_set_option($con, LDAP_OPT_PROTOCOL_VERSION, 3);
$findWhat = array ("cn","mail","*");
$findWhere = $dn;
$findFilter = "(uid=$user)";
#bind anon and find user by uid
$sr = ldap_search($con,$dn,$findFilter,$findWhat);
$records = ldap_get_entries($con, $sr);
// echo "<pre>";print_r($records);
/* error if found more than one user */
if ($records["count"] != "1") {
$message[] = "Error E100 - Wrong user.";
return false;
}else {
$message[] = "Found user <b>".$records[0]["cn"][0]."</b>";
}
/* try to bind as that user */
if (ldap_bind($con, $records[0]["dn"], $oldPassword) === false) {
$message[] = "Error E104 - Current password is wrong.";
return false;
}
else { echo"TEST";
$sr = ldap_search($con,$dn,$findFilter,$findWhat);
$records = ldap_get_entries($con, $sr);
echo "<pre>";print_r($records);
}
if ($newPassword != $newPasswordCnf ) {
$message[] = "Error E101 - New passwords do not match! ";
return false;
}
if (strlen($newPassword) < 8 ) {
$message[] = "Error E102 - Your new password is too short! ";
return false;
}
if (!preg_match("/[0-9]/",$newPassword)) {
$message[] = "Error E103 - Your password must contain at least one digit. ";
return false;
}
if (!preg_match("/[a-zA-Z]/",$newPassword)) {
$message[] = "Error E103 - Your password must contain at least one letter. ";
return false;
}
$entry = array();
$entry["userPassword"] = "{SHA}" . base64_encode( pack( "H*", sha1( $newPassword ) ) );
if (ldap_modify($con,$records[0]["dn"],$entry) === false){
$message[] = "E200 - Your password cannot be change, please contact the administrator.";
}
else {
$message[] = " Your password has been changed. ";
//mail($records[0]["mail"][0],"Password change notice : ".$user,"Your password has just been changed.");
}
}
?>
HTML:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Change your password</title>
<style type="text/css">
body { font-family: Verdana,Arial,Courier New; font-size: 0.7em; }
input:focus { background-color: #eee; border-color: red; }
th { text-align: right; padding: 0.8em; }
#container { text-align: center; width: 500px; margin: 5% auto; }
ul { text-align: left; list-style-type: square; }
.msg { margin: 0 auto; text-align: center; color: navy; border-top: 1px solid red; border-bottom: 1px solid red; }
</style>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
</head>
<body>
<div id="container">
<h2> Change your LDAP password </h2>
<ul>
<li> Your new password must be 8 characters long and contain at least one letter and one digit. </li>
</ul>
<form method="post">
<table style="width: 400px; margin: 0 auto;">
<tr><th>Username:</th><td><input name="username" type="text" size="20" autocomplete="off" /></td></tr>
<tr><th>Old password:</th><td><input name="oldPassword" type="password" /></td></tr>
<tr><th>New password:</th><td><input name="newPassword1" type="password" /></td></tr>
<tr><th>New password (confirm):</th><td><input name="newPassword2" type="password" /></td></tr>
<tr><td colspan="2" style="text-align: center;" ><input name="submitted" type="submit" value="Login"/></td></tr>
</table>
</form>
<div class="msg">
<?php
if (isset($_POST["submitted"])) {
$rdn = sprintf($dn,$_POST["username"]);
changePassword($server,$dn,$_POST["username"],$_POST["oldPassword"],$_POST["newPassword1"],$_POST["newPassword2"]);
foreach ( $message as $one ) { echo "<p>$one</p>"; }
}
?>
</div>
</div>
</body></html>
答案 0 :(得分:0)
OpenLDAP具有专为此设计的“唯一性”覆盖。您可以通过slapd.conf加载它并配置您需要的唯一属性。
答案 1 :(得分:-1)
除了专有名称外,Ldap不支持对字段的唯一约束。您可以搜索这些字段并使用或条件在一个查询中执行此操作但不会100%受到保护。两个人可以同时提交相同的值,并且时间恰好可以发生重复。这是一个搜索名称或电子邮件的过滤器示例。
(|(&(givenname=joe)(sn=smith))(mail=joe.smith@example.com))
如果你受到重创,你可能会有重复。