Page 2 - Modifying Active Directory passwords through PHP and IIS

Matt,

Did you need to do anything special to set up the SSL connection? I can't bind over SSL. I have verified that my DLLs are in the right place.

PHP 4.3.6
Apache/2.0.49
Windows 2000
OpenSSL 0.9.7c 30 Sep 2003

Geoff

what errors do you get?

Has anyone got it to work properly ?

I'm also working on user administration panel in PHP, when users are stored on an AD server.

Everything works fine except setting and changing the unicodePwd field.

I've lost several days to find out how to made it to work and still nothing. I'm really angry about that.

Did you see the recent posts using the perl script and/or the php converted perl script? That has worked for me, I'd be interested to know if others are having luck with it.

- Ben

Any chance you can test the PHP script? I don't have AD so can't test it here.

I first made the following minor modification (possibly specific for my environment; I'm no PHP/Active Directory expert). The last line is the change:



Alas, no luck. I still received the "Server unwilling to perform" error that I was getting before. Son of a....


- Ben

I've read that if I want to change password via LDAP I have to connect via SSL to LDAP server.

And that's my problem right now.

$ldap=ldap_connect("myserver",636);
returns Success
and $ldap gets "Resource #1", so I suppose, that the connection is made, but when I try to bind using this connection I receive an error:
"Could not connect to LDAP server"
I tried also to bind annonymously mysql_bind($ldap), but it also reutrns the same error.

I've checked my php configuration and OpenSSL is configured. Our networ administrator says, that also AD server is configured to use SSL.

I have no idea where the problem could be right now.

The connection without SSL is possible and works fine.

OK - I think I'm one next step to the solution.

Surprisingly what helped to make a SSL connection with LDAP server was creating C:\OpenLDAP\sysconf\ (as described in one of the threads on the net) and putting there ldap.conf file which contains in its first line:
TLS_REQCERT never

Why on C drive and in this concrete directory - people says that its coded deep in the php_ldap.dll.

So now my script seems to be runnig fine:


,but when I try to change unicodePwd field I get the same message as in non SSL connection "Warning: ldap_modify(): Modify: Server is unwilling to perform".

Do you know if and how can I check if my connection to the LDAP server is encoded with SSL ?

I battled with the very same thing, as described earlier in this thread. I think we've determined that it is not an SSL problem. I am certain that I have a secure connection and I get the "Server unwilling to perform" error message as well. You can try the perl script shown earlier in the thread. That has worked for me. The direct translation to php, however, does NOT work. We aren't sure why that is...

Ya if the PHP script isn't working then it's something with PHP, if anyone has an active directory server I could test stuff on I'd be willing to track down the problem and report it to PHP. All I'd need is a user account that could change my own password nothing else would be needed.

Also just so everyone is aware of this, ldap_connect() (in PHP) ALWAYS returns true. You can put in any IP or host and it'll be sucessfully, this IS a feature and is working correctly. ldap_bind() is what really connects so that is where you should check for connection. Here is how I do it.

BTW what version of PHP are you trying this with?

I'm using PHP v 4.2.2.

Sorry, can't give you an account at my location...

any chance you can try with PHP 5 rc3? Because it could be a bug that was already fixed.

OK - I'll try version 5 RC 3 of PHP.