June 21st, 2004, 08:11 PM
After reading a TON of info on PHP and LDAP I believe our problem is that PHP LDAP doesn't support SSL.
I could be totally wrong but from what I read here it appears for now PHP is based off LDAP v.2 not v.3 thus no SSL support.
June 21st, 2004, 08:13 PM
But it says the current version of PHP is v4.0.6. Of course, PHP is much newer than that, and with that, I wonder if LDAP has also been upgraded/improved...
I'll do a little research too.
June 21st, 2004, 08:17 PM
I'm using PHP 5RC3 and it still defaults to version 2 unless you specifically say otherwise. So it'd appear to me that it hasn't yet, but please, another person searching would help. Also this is kinda helpful to me; even though I'm not needing it right now, in the future I need PHP to support SSL.
June 21st, 2004, 08:19 PM
SSL must be supported, because PHP.net says to copy libeay32.dll and ssleay32.dll to the system folder of a Windows server (which I have). http://www.php.net/manual/en/ref.ldap.php This leads me to believe LDAP in PHP supports SSL.
Also, v3 supports SSL, and you can set the version with ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3).
Last edited by MatthewClark; June 21st, 2004 at 08:22 PM.
June 21st, 2004, 08:37 PM
Yep, version 3 does support SSL, but if you attempt to connect to ldaps:// it always errors; this shouldn't happen.
June 21st, 2004, 09:08 PM
I'm gonna try this: use exec() with the stringconverter utility to get my password.
Also, when using the ldp.exe utility in the Windows Support tools, I found that you cannot modify unicodePwd through the GC port 3269. PHP won't tell you this - all it says is "Unwilling to perform". The ldp.exe utility will tell you exactly why...
I will try using the stringconverter and exec(), and we'll see what happens...
June 21st, 2004, 09:27 PM
I forgot - exec() and system() never work. They always belch out "Unable to fork" errors.
June 21st, 2004, 10:03 PM
Well, as I have been for the past several weeks, I seem to be wasting time because nothing works. There is NOTHING on the 'net about this, and LDP.exe is no help either. All we ever get is "Unwilling to perform", no matter what.
I'm going to give up for now - I've done all I can do with no tangible results. I will keep monitoring this thread, though...
June 21st, 2004, 10:28 PM
Well, it's been fun spamming this thread with you. I got to get SSL working with LDAP for a project now so I'm going to work on this. Currently looking at the PHP source and going to try to track it from there.
June 21st, 2004, 10:42 PM
Alright...good luck. I'll be watching this one...
June 22nd, 2004, 04:11 AM
I can now reset Domain Password in Active Directory.
But only to a default password (which I can change at regular intervals with Stringconverter).
Here is the code I used!
What this page (chpass3.php) does is take the dn from the URL given by the last page & then use ldifde to reset the user's password to, in this case, "newPassword".
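// is this user authenticated, let them access this page?
if(!isset($_SESSION["user"]) || $_SESSION["user"]=="") {
    printf("You are not an authenticated user");
    // nope, bail.
    exit;
}
// strip CR/LF so the dn taken from the URL cannot add extra lines to the LDIF file
$dn = str_replace(array("\r", "\n"), "", urldecode($_GET['dn']));
// LDIF record replacing unicodePwd; the base64 value is "newPassword" (with the quotes) in UTF-16LE
$entry = "dn: ".$dn."\nchangetype: modify\nreplace: unicodePwd\nunicodePwd::IgBuAGUAdwBQAGEAcwBzAHcAbwByAGQAIgA=\n-\n";
$fp = fopen("c:\\chPwd.ldif", "w");
fwrite($fp, $entry);
fclose($fp);
// quote the credentials so each one reaches ldifde as a single argument
$sys=system("ldifde -i -f c:\\chPwd.ldif -t 636 -s fsstudent -b ".escapeshellarg($_SESSION['login'])." college.jameswatt.ac.uk ".escapeshellarg($_SESSION["pass"]));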
But you can use Stringconverter to change this to anything you want!
I'm fairly new to PHP but my background is in Active Directory (MCSE/MCSA).
This does work.. email me if you need more info!
Soon I'll put together a tutorial for all the new guys & stick it on here!
June 22nd, 2004, 07:29 AM
Well, then take the password from a form and write it to the file chPwd.ldif. That way you're not stuck with using the same ol' password. I considered doing exactly this yesterday, but never tried it...
June 22nd, 2004, 11:05 AM
Like I said, I'm newish to PHP.
The original idea was to reset it to their date of birth, which is kept in Active Directory, but I can't get it to change from dateofbirth to unicode.
And after speaking to my boss he has settled with the idea of resetting it to a generic password that is changed every day or so! (using Stringconverter)
I've learned a lot from this thread alone thanks to both Viper_SB & Matthew Clark.
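Added example, not part of any post in this thread: the base64 string hard-coded in chpass3.php is the quoted password encoded as UTF-16LE, so PHP can produce it for any password without the Stringconverter utility and can validate the dn before it is written to the LDIF file. The function names and the sample DN are constructed for illustration, and the mbstring extension is assumed to be installed.

```php
<?php
// Added example: function names and the sample DN are constructed for illustration.

// AD expects unicodePwd as the password wrapped in double quotes and encoded
// as UTF-16LE. Returns the raw bytes (assumes the mbstring extension).
function encode_unicode_pwd(string $password): string
{
    if ($password === '' || !mb_check_encoding($password, 'UTF-8')) {
        throw new InvalidArgumentException('password must be non-empty UTF-8');
    }
    return mb_convert_encoding('"' . $password . '"', 'UTF-16LE', 'UTF-8');
}

// Builds the same LDIF modify record as the post, for any DN and password.
function build_pwd_ldif(string $dn, string $password): string
{
    // A CR, LF or NUL in the DN would let the value start new LDIF lines.
    if ($dn === '' || preg_match('/[\r\n\0]/', $dn)) {
        throw new InvalidArgumentException('DN is empty or has control characters');
    }
    // RFC 2849: a value that is not a plain "safe" ASCII string is written
    // base64-encoded after a double colon.
    $plain = preg_match('/^[^ :<\x80-\xff][^\x80-\xff]*$/', $dn)
        && substr($dn, -1) !== ' ';
    $dnLine = $plain ? 'dn: ' . $dn : 'dn:: ' . base64_encode($dn);

    return $dnLine . "\n"
        . "changetype: modify\n"
        . "replace: unicodePwd\n"
        . 'unicodePwd:: ' . base64_encode(encode_unicode_pwd($password)) . "\n"
        . "-\n";
}

// Self-check against the value hard-coded in the post for "newPassword".
$fromPost = 'IgBuAGUAdwBQAGEAcwBzAHcAbwByAGQAIgA=';
if (base64_encode(encode_unicode_pwd('newPassword')) !== $fromPost) {
    throw new RuntimeException('encoding does not match the value in the post');
}

// Constructed sample DN.
echo build_pwd_ldif('CN=Test User,OU=Students,DC=example,DC=com', 'newPassword');

// A DN carrying an injected newline is rejected before it reaches the file.
try {
    build_pwd_ldif("CN=x\nchangetype: delete", 'newPassword');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The raw bytes returned by encode_unicode_pwd(), not the base64 form, are what a direct LDAP modify such as ldap_mod_replace() takes as the unicodePwd value.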
July 24th, 2004, 07:39 AM
Microsoft Knowledge Base Article - 269190
August 9th, 2004, 04:33 AM
Is SSL a MUST for Active Directory access??
I am trying to create a user acct in an Active Directory LDAP server from a Java application.
1) Is SSL a must??
2) How come I am able to create users with a password set over a non-SSL mode from a Java app?
3) How come I am able to create accts with a password from C++ apps??
Is there a clear document from MSFT on SSL requirements for ADS access to create user accts from C++/Java apps?