Modifying Active Directory passwords through PHP and IIS
Posts: 9
Time spent in forums: < 1 sec
Reputation Power: 0
Did you see my recent post?
Quote:
Originally Posted by KuRcZaK
Everything works fine except setting and changing the unicodePwd field.
Did you see the recent posts using the perl script and/or the php converted perl script? That has worked for me, I'd be interested to know if others are having luck with it.
Posts: 4,836
Time spent in forums: 1 Month 1 Day 15 h 32 m 54 sec
Reputation Power: 633
Quote:
Originally Posted by bwhaley
Did you see the recent posts using the perl script and/or the php converted perl script? That has worked for me, I'd be interested to know if others are having luck with it.
- Ben
Any chance you can test the PHP script? I don't have AD so can't test it here.
Posts: 9
Time spent in forums: < 1 sec
Reputation Power: 0
No luck...
Quote:
Originally Posted by Viper_SB
Any chance you can test the PHP script? I don't have AD so can't test it here.
I first made the following minor modification (possibly specific for my environment; I'm no PHP/Active Directory expert). The last line is the change:
PHP Code:
if (!ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, $protocolVersion))
{
    exit('Failed to set protocol version to '.$protocolVersion);
}
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
Alas, no luck. I still received the "Server unwilling to perform" error that I was getting before. Son of a....
Posts: 6
Time spent in forums: < 1 sec
Reputation Power: 0
I'm still having a problem connecting via SSL
I've read that if I want to change a password via LDAP I have to connect via SSL to the LDAP server.
And that's my problem right now.
$ldap=ldap_connect("myserver",636);
returns Success
and $ldap gets "Resource #1", so I suppose that the connection is made, but when I try to bind using this connection I receive an error:
"Could not connect to LDAP server"
I also tried to bind anonymously with mysql_bind($ldap), but it also returns the same error.
I've checked my PHP configuration and OpenSSL is configured. Our network administrator says that the AD server is also configured to use SSL.
I have no idea where the problem could be right now.
The connection without SSL is possible and works fine.
Posts: 6
Time spent in forums: < 1 sec
Reputation Power: 0
How to check the connection type ?
OK - I think I'm one step closer to the solution.
Surprisingly, what helped to make an SSL connection with the LDAP server was creating C:\OpenLDAP\sysconf\ (as described in one of the threads on the net) and putting an ldap.conf file there which contains in its first line:
TLS_REQCERT never
Why on the C drive and in this specific directory? People say that it's coded deep in php_ldap.dll.
if (!($bind=ldap_bind($connect, $auth_user, $auth_pass))) {
    die("Unable to bind to server");
}
echo "bind result is: ".$bind."<BR>";
if (!($search=@ldap_search($connect, $base_dn, $filter))) {
    die("Unable to search ldap server");
}
But when I try to change the unicodePwd field I get the same message as with the non-SSL connection: "Warning: ldap_modify(): Modify: Server is unwilling to perform".
Do you know if and how I can check if my connection to the LDAP server is encoded with SSL?
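Added example, not code from this thread: `TLS_REQCERT never` lets the client accept any certificate, so the session is encrypted but the server is never authenticated. The sketch below shows the verified alternative from PHP itself and reports why a bind failed. It assumes PHP 7.1 or later (for the `LDAP_OPT_X_TLS_*` constants); the host name, CA file path and the `connectVerified()` helper are placeholders.

```php
<?php
// Added example, not code from this thread. Host and CA path are placeholders.
$uri    = 'ldaps://dc01.example.test:636';   // placeholder domain controller
$caFile = 'C:/certs/example-root-ca.pem';    // placeholder: CA that issued the DC certificate

// Weak setting from the post above, expressed in PHP (accepts any certificate):
//   ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_NEVER);
// Verified setting: trust one CA and refuse servers that do not chain to it.
// ldap.conf equivalent: "TLS_CACERT <path>" and "TLS_REQCERT demand".
ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

function connectVerified(string $uri, string $user, string $pass)
{
    // With the ldaps:// scheme, TLS is negotiated before any LDAP data is sent.
    $link = ldap_connect($uri);
    if ($link === false) {
        throw new RuntimeException("Malformed LDAP URI: $uri");
    }
    ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($link, LDAP_OPT_REFERRALS, 0);

    // The socket and TLS handshake happen at bind time, so failures surface here.
    if (!@ldap_bind($link, $user, $pass)) {
        $detail = '';
        ldap_get_option($link, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
        throw new RuntimeException(
            sprintf('Bind failed (%d %s) %s', ldap_errno($link), ldap_error($link), $detail)
        );
    }
    return $link;
}

// Usage with placeholder credentials:
//   $link = connectVerified($uri, 'user@example.test', 'placeholder-password');
```

A bind that succeeds through this function used an `ldaps://` URI with certificate checking enforced, so the session is both encrypted and tied to a server certificate issued by the trusted CA.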
Posts: 9
Time spent in forums: < 1 sec
Reputation Power: 0
Quote:
Originally Posted by KuRcZaK
Do you know if and how I can check if my connection to the LDAP server is encoded with SSL?
I battled with the very same thing, as described earlier in this thread. I think we've determined that it is not an SSL problem. I am certain that I have a secure connection and I get the "Server unwilling to perform" error message as well. You can try the perl script shown earlier in the thread. That has worked for me. The direct translation to php, however, does NOT work. We aren't sure why that is...
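Added example, not code from this thread and not the Perl or PHP script the posters refer to: Active Directory accepts a `unicodePwd` write only when the value is the password wrapped in double quotes and encoded as UTF-16LE, and a user changing their own password must send the old value as a delete and the new value as an add in a single modify request. The function names, DN and sample password are illustrative; `$link` is assumed to be already bound over LDAPS, and `ldap_modify_batch()` needs PHP 5.4 or later.

```php
<?php
// Added example, not code from this thread. Assumes $link is already bound over
// LDAPS; the sample password at the bottom is a constructed value.

// Build the value AD expects for unicodePwd: the password wrapped in double
// quotes, encoded as UTF-16LE (requires the mbstring extension).
function adPasswordValue(string $plain): string
{
    return mb_convert_encoding('"' . $plain . '"', 'UTF-16LE', 'UTF-8');
}

// Administrative reset: a single replace. The bound account needs the
// reset-password right on the target user.
function resetPassword($link, string $dn, string $new): bool
{
    return @ldap_mod_replace($link, $dn, ['unicodePwd' => adPasswordValue($new)]);
}

// Self-service change: delete the old value and add the new one in ONE request.
function changeOwnPassword($link, string $dn, string $old, string $new): bool
{
    $mods = [
        ['attrib' => 'unicodePwd', 'modtype' => LDAP_MODIFY_BATCH_REMOVE,
         'values' => [adPasswordValue($old)]],
        ['attrib' => 'unicodePwd', 'modtype' => LDAP_MODIFY_BATCH_ADD,
         'values' => [adPasswordValue($new)]],
    ];
    return @ldap_modify_batch($link, $dn, $mods);
}

// Offline look at the encoded bytes for a constructed sample password.
echo bin2hex(adPasswordValue('Ab1')), PHP_EOL;
```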
Posts: 4,836
Time spent in forums: 1 Month 1 Day 15 h 32 m 54 sec
Reputation Power: 633
Ya if the PHP script isn't working then it's something with PHP, if anyone has an active directory server I could test stuff on I'd be willing to track down the problem and report it to PHP. All I'd need is a user account that could change my own password nothing else would be needed.
Also just so everyone is aware of this, ldap_connect() (in PHP) ALWAYS returns true. You can put in any IP or host and it'll be successful; this IS a feature and is working correctly. ldap_bind() is what really connects, so that is where you should check for connection. Here is how I do it.
PHP Code:
<?php
$link = ldap_connect($host);
if (!ldap_set_option($link, LDAP_OPT_PROTOCOL_VERSION, 3))
{
    exit('Failed to set protocol version to 3');
}
// just do an anonymous bind and this makes sure the ldap server exists
ldap_bind($link);
// 0 is successful thus it was able to connect
if (ldap_errno($link) !== 0)
{
    exit('Could not connect to LDAP server');
}
// this is your real bind
ldap_bind($link, $user, $password);
?>
Posts: 6
Time spent in forums: < 1 sec
Reputation Power: 0
...and what about user authentication
OK - I'll try version 5 RC 3 of PHP.
But I've one more question. Do you know if it's possible to verify a user & password stored in AD? What I mean is that a user, on entering a site, is asked to enter a login name and password.
Then I have to compare this with the login & pwd stored in AD.
I suppose that the only way to verify this user is to search in AD for the username and encoded password? But is it possible ... just like below: