Page 5 - Modifying Active Directory passwords through PHP and IIS

Dev Shed Forums Sponsor:

Stop making mediocre tutorials.The best tutorials are video! Camtasia Studio makes it easy to create engaging, buzz-building screen videos at any size, in any popular format. Download the free trial!

#61

June 21st, 2004, 07:11 PM

Viper_SB

Psycho Canadian

Join Date: Jan 2001

Location: Canada

Posts: 4,739

Time spent in forums: 4 Weeks 6 h 25 m 16 sec
Reputation Power: 384

After reading a TON of info on PHP and ldap I believe our problem is that PHP LDAP doesn't support SSL

I could be totally wrong but from what I read here it appears for now PHP is based off LDAP v.2 not v.3 thus no SSL support.

Quote:

The current version of PHP is 4.0.6, and its LDAP support is built on the Netscape or OpenLDAP libraries. Again, however, its LDAP support is mostly v2 based (although LDAP controls are supported as of 4.0.4 with the OpenLDAP libraries) and thus will not support SSL sessions and other v3 functionality, even if the C library supports them. You'll want to look at the PHP web page (http://www.php.net) for details on the LDAP calls themselves.

__________________
Miscellaneous Software
Viper_SB
Developershed E-Support

Anyone else play chess?
Challenge me
Challenge me

#62

June 21st, 2004, 07:13 PM

MatthewClark

Contributing User

Join Date: Aug 2003

Location: San Angelo, Texas (USA)

Posts: 286

Time spent in forums: 13 h 48 m 16 sec
Reputation Power: 7

But it says the current version of PHP is v4.0.6. Of course, PHP is much newer than that, and with that, I wonder if LDAP has also been upgraded/improved...

I'll do a little research too.

__________________
InLesserTerms.net
Sometimes it takes a little cussin' to get things done right.

#63

June 21st, 2004, 07:17 PM

Viper_SB

Psycho Canadian

Join Date: Jan 2001

Location: Canada

Posts: 4,739

Time spent in forums: 4 Weeks 6 h 25 m 16 sec
Reputation Power: 384

I'm using PHP 5RC3 and it still defaults to version 2 unless you specificly say otherwise. So it'd appear to me that it hasn't yet, but please another person searching would help

. Also this is kinda helpfull to me, even though I'm not needing it right now in the future I need PHP to support SSL.

#64

June 21st, 2004, 07:19 PM

MatthewClark

Contributing User

Join Date: Aug 2003

Location: San Angelo, Texas (USA)

Posts: 286

Time spent in forums: 13 h 48 m 16 sec
Reputation Power: 7

SSL must be supported, because PHP.net says to copy libeay32.dll and ssleay32.dll to the system folder of a Windows server (which I have). http://www.php.net/manual/en/ref.ldap.php This leads me to believe LDAP in PHP supports SSL.

Also, v3 supports SSL, and you can set the version with ldap_set_option($connection, LDAP_OPT_PROTOCOL_VERSION, 3).

Last edited by MatthewClark : June 21st, 2004 at 07:22 PM.

#65

June 21st, 2004, 07:37 PM

Viper_SB

Psycho Canadian

Join Date: Jan 2001

Location: Canada

Posts: 4,739

Time spent in forums: 4 Weeks 6 h 25 m 16 sec
Reputation Power: 384

Yep version 3 does support SSL, but if you atttempt to connect to ldaps:// it always errors this shouldn't happen.

#66

June 21st, 2004, 08:08 PM

MatthewClark

Contributing User

Join Date: Aug 2003

Location: San Angelo, Texas (USA)

Posts: 286

Time spent in forums: 13 h 48 m 16 sec
Reputation Power: 7

I'm gonna try this: use exec() with the stringconverter utility to get my password.

Also, when using the ldp.exe utility in the Windows Support tools, I found that you cannot modify unicodePwd through the GC port 3269. PHP won;t tell you this - all it says is "Unwilling to perform". The ldp.exe utility will tell you exactly why...

I will try using the stringconverter and exec(), and we'll see what happens...

#67

June 21st, 2004, 08:27 PM

MatthewClark

Contributing User

Join Date: Aug 2003

Location: San Angelo, Texas (USA)

Posts: 286

Time spent in forums: 13 h 48 m 16 sec
Reputation Power: 7

I forgot - exec() and system() never work. They always belch out "Unable to fork" errors.

#68

June 21st, 2004, 09:03 PM

MatthewClark

Contributing User

Join Date: Aug 2003

Location: San Angelo, Texas (USA)

Posts: 286

Time spent in forums: 13 h 48 m 16 sec
Reputation Power: 7

Well, as I have been for the past several weeks, I seem to be wasting time because nothing works. There is NOTHING on the 'net about this, and LDP.exe is no help either. All we ever get is "Unwilling to perform", no matter what.

I'm going to give up for now - I've done all I can do with no tangable results. I will keep monitoring this thread, though...

#69

June 21st, 2004, 09:28 PM

Viper_SB

Psycho Canadian

Join Date: Jan 2001

Location: Canada

Posts: 4,739

Time spent in forums: 4 Weeks 6 h 25 m 16 sec
Reputation Power: 384

Well it's been fun spamming this thread with you

. I got to get SSL working with LDAP for a project now so I'm going to work on this. Currently looking at the PHP source and going to try to track it from there.

#70

June 21st, 2004, 09:42 PM

MatthewClark

Contributing User

Join Date: Aug 2003

Location: San Angelo, Texas (USA)

Posts: 286

Time spent in forums: 13 h 48 m 16 sec
Reputation Power: 7

Alright...good luck. I'll be watching this one...

#71

June 22nd, 2004, 03:11 AM

Jock3h^

Registered User

Join Date: Jun 2004

Location: Greenock, Scotland

Posts: 5

Time spent in forums: 20 m 59 sec
Reputation Power: 0

I can now reset Domain Password in Active Directory

But only to a default Password (which i can change at regular intervals with Stringconverter)
here is the code i used!

PHP Code:


		
			
<?php 



    session_start();



    // is this user authenticated, let them access this page?

    if(!isset($_SESSION["user"]) || $_SESSION["user"]=="")

    {

            printf("You are not an authenticated user");

            // nope, bail.

            exit();

    }



$dn = urldecode($_GET['dn']);

$entry = "dn: ".$dn."\nchangetype: modify\nreplace: unicodePwd\nunicodePwd::IgBuAGUAdwBQAGEAcwBzAHcAbwByAGQAIgA=\n-\n";

$fp = fopen("c:\\chPwd.ldif", "w");

echo $entry;

echo "<br>";

fputs($fp, $entry);

fclose($fp);



$sys=system("ldifde -i -f c:\chPwd.ldif -t 636 -s fsstudent -b ".$_SESSION['login']." college.jameswatt.ac.uk ".$_SESSION["pass"]."");

?>

what this page (chpass3.php)does is take the dn from the URL given by the last page & then uses ldifde to reset the users password to , in this case "newPassword"
but u can use stringconvertor to change this to anything you want!
I'm fairly new to php but my background is in Active Directory (MCSE/MCSA)
this does work.. email me if you need more info!
soon i'll put together a Tutorial for all the newguy & stick it on here!
Cheers
Wullie

#72

June 22nd, 2004, 06:29 AM

MatthewClark

Contributing User

Join Date: Aug 2003

Location: San Angelo, Texas (USA)

Posts: 286

Time spent in forums: 13 h 48 m 16 sec
Reputation Power: 7

Well, then take the password from a form and write it to the file chPwd.ldif. That say you're not stuck with using the same ol' password. I considered doing this exact yesterday, but never tried it...

#73

June 22nd, 2004, 10:05 AM

Jock3h^

Registered User

Join Date: Jun 2004

Location: Greenock, Scotland

Posts: 5

Time spent in forums: 20 m 59 sec
Reputation Power: 0

like i said i'm newish to PHP

The Original Idea was to reset it to their Date of Birth which is kept in active directory but i can't get it change from dateofbirth to unicode
And after speaking to my Boss he has settled with the idea of reseting it to a generic password that is changed every day or so!(using Stringconverter)

i've learned a lot from this thread alone thanks to both Viper_SB & Matthew Clark
Cheers Lads!