Page 6 - Modifying Active Directory passwords through PHP and IIS

I believe if you're accessing the LDAP server directly from the same computer then you don't need SSL but otherwise you most likly do.

Hy I have tried to read the Active Directory (LDAP) remotely by a LDAP Browser and I don't find entrys for the password, what should i do, are there any special DNs or CN??
Thax Fiveman
I logged into the directory with the Admin

Microsoft says you must use SSL before you can write to the unicodePwd field.

It is not possible read the unicodePwd field. The CN of the unicodePwd field is "Unicode-Pwd".

Try this article:
http://support.microsoft.com/defaul...kb;en-us;273753

Anyone of you checked the policy Settings of the Active Directory Server?

The Server 2003 has very strict default password policies; if your password doesn't conform the rules it says "Server unwilling to perform..."

Yeah, when I try to write to the unicodePwd field, I always conform to my server's password policy (can't vouch for anyone else, though).

AY, sorry for disturbing, but a cannot even make a connection with ldaps://serverip/ ...

There is a CA installed n the Server running the AD. What more do i have to do?

It seems "ldaps://" does not work when connecting to Active Directory. You'll have to specify "ldap://", and then manually specify the secure LDAP port. Look at previous posts for that information.

the solution is here:

http://www.ldaphelp.com/viewtopic.php?t=6

Wow. I don't know how you figured that out, but I will try it, and if it works, YOU ARE GOD.

Did it work?

Well, the scripts I wrote initially don't work at all anymore (after-effect of renaming a domain), and I don't have the time to figure them out.

I don't know when I'll have the time to play, but rest assured, I took notes . I'll play with it again soon...

Wow, I'm still utterly stoked that he made it work, and I won't believe it until I see it.

Hey Guys - I'm new to this forum, so be easy on me... I got the LDAPS thing working - installing a cert server on my DC took care of that. I created the directory and necessary file with reference to OpenLDAP on the DC. I made sure that the web server was "trusted for delegation" on the machine object. I think the main problem I am facing now is the Unicode encoding process. I can get the encoding done with the "stringconverter.exe" app, and have it post it to another variable or even to a text file (and I even avoided the forking issue...finally... stupid NTFS security...). I really want to avoid using an external app to do the conversion. Thus far, all of the sample code that I have found will not encode a string so that it matches the output of the stringconverter. The code found on the link from arknius found at http://www.ldaphelp.com/viewtopic.php?t=6 doesn't work for me. I keep getting an unknown variable found on line 8. Turns out that my ver of PHP (or whatever...) doesn't like the $newpassw variable with a ".=" . If I define the variable, the error goes away, but alas, no encoding... lol. I have been toying around with PHP for a few years, and this is pretty much the only thing I haven't been able to do - thus far. If anyone has found a working code, please post.
Network Config:
2003 Domain Controller - Cert Services / OPENLDAP dir at root
2003 Member Server hosting IIS6 and PHP 5.
By the way, using the stringconverter and ldifde does work, but I would really like to keep everything internal to PHP with LDAP calls.
Thanks!

Check my solution on http://www.ldaphelp.com

it works with AD

Thanks very much. That helped me tremendously!