|
|||||||||
|
|||||||||
| |||||||||
|
|||||||||
|
|||||||||
| |||||||||
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread |
Rating: 
|
Display Modes |
Dev Shed Forums Sponsor:
|
|
|
|
#121
April 13th, 2006, 06:22 AM
|
|||
|
|||
|
hi all;
this my first question, i come from china. for the first time use php to link ad, i don't know how to modify users' password even i had view the article . who can give me some code wo use php5, win 2003server . when i try the code front.
|
|
#122
April 13th, 2006, 06:29 AM
|
|||
|
|||
|
this is my code
Code:
<?PHP
/*** Variable Settings ***/
$uid = 'uid';
$userbindDN = 'userbind';
//existing password
$userbindPass = 'password';
// new password
$passwd1 = 'changeme';
$passwd2 = 'changeme';
// administrative bind user
$authbindDN = 'authbind';
$authbindPass = 'authpass';
// ldap server info
$ldapserver = '123.123.123.123';
$baseDN = 'DC=me,DC=com';
/**************************/
/************* Main Script Code ***************/
/** Connect SSL to Ldap Server **/
echo "Connecting SSL to server<br>";
$ldap = ldap_connect($ldapserver);
ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
/** Test connection by using anonymous bind **/
echo "Testing anonymous bind to server<br>";
ldap_bind($ldap);
if (ldap_errno($ldap) !== 0)
{
exit('Could not connect to LDAP server - '.ldap_error($ldap));
}
/** Now try to bind with the username and password **/
echo "Now binding using user info<br>";
ldap_bind($ldap, $userbindDN, $userbindPass);
if (ldap_errno($ldap) !== 0)
{
exit('ERROR: User ID/Password Invalid - '.ldap_error($ldap));
}
/** We got this far, let's bind with an admin user **/
echo "Now binding using admin info<br>";
ldap_bind($ldap, $authbindDN, $authbindPass);
if (ldap_errno($ldap) !== 0)
{
exit('ERROR: Unable to bind with admin user info - '.ldap_error($ldap));
}
$searchResults = ldap_search($ldap, $baseDN, 'CN='.$uid);
// no matching records
$info = ldap_get_entries($ldap, $searchResults);
if ($searchResults === false)
{
exit('User ($uid) not found in AD');
}
if (!is_resource($searchResults))
{
exit('Error in search results.');
}
$entry = ldap_first_entry($ldap, $searchResults);
if (!is_resource($entry))
{
exit('Couldn\'t get entry');
}
$userDn = ldap_get_dn($ldap, $entry);
// Check Pwds not really used in this script but...
if ($passwd1 == $passwd2){
// prepare data
$newPassword = $passwd1;
$newPassword = "\"" . $newPassword . "\"";
$len = strlen($newPassword);
for($i = 0; $i < $len; $i++)
{
$newPassw = "{$newPassword{$i}}\000";
}
$newPassword = $newPassw;
$userdata['unicodePwd'] = $newPassword;
echo "<------------ Changing Password --------------><br><br>";
echo "Username = ".$uid."<br>";
echo "User login ID = ".$userbindDN."<br>";
echo "User DN = $userDn<br>";
$result = ldap_mod_replace($ldap, $userDn , $userdata);
if($result)
{
echo "User modified!<br>" ;
}else{
echo "There was a problem!<br>";
echo ldap_error($ldap)."<br>";
}
/** Now try to bind with the username and new password to insure change**/
echo "Now testing new password to insure change<br>";
ldap_bind($ldap, $userbindDN, $passwd1);
if (ldap_errno($ldap) !== 0)
{
exit('ERROR: User ID/Password Invalid - '.ldap_error($ldap));
}else{
echo "Password Verified OK. Password change complete<br>";
}
}
?>
Last edited by Viper_SB : April 13th, 2006 at 10:04 AM. Reason: removed password and other sensitive info
|
|
#123
April 13th, 2006, 06:30 AM
|
|||
|
|||
|
and this is my error
Connecting SSL to server Testing anonymous bind to server Now binding using user info Now binding using admin info <------------ Changing Password --------------> Username = ceshi User login ID = uid User DN = CN=me,CN=Users,DC=me,DC=com Warning: ldap_mod_replace(): Modify: Server is unwilling to perform in d:\usr\www\ceshi.php on line 79 There was a problem! Server is unwilling to perform Now testing new password to insure change Warning: ldap_bind(): Unable to bind to server: Invalid credentials in d:\usr\www\ceshi.php on line 89 ERROR: User ID/Password Invalid - Invalid credentials Last edited by Viper_SB : April 13th, 2006 at 10:05 AM. Reason: removed sensitive info
|
|
#124
April 13th, 2006, 10:06 AM
|
||||
|
||||
|
cailang021 please remember not to use valid data in your posts.
Please read though this entire thread, it lists how to get it working, you are missing some important things.
__________________
Miscellaneous Software Viper_SB Developershed E-Support Anyone else play chess? Challenge me
|
|
#125
April 13th, 2006, 07:50 PM
|
|||
|
|||
|
thanks a lot for your help,
i will not do it like that again!
|
|
#126
April 14th, 2006, 09:12 PM
|
|||
|
|||
|
Wow, this is great information. Hats off to everyone for figuring this out.
I do have one question though, I have a server that doesn't have AD installed but I'd like to change the admin password via PHP and IIS. Is that possible? Thanks.
|
|
#128
April 16th, 2006, 05:51 PM
|
|||
|
|||
|
I wanted to change a local user's password within Windows (local users are defined in the computer management of Administrative tools). For instance, I have a user named msharris on a server and this server also has IIS and PHP installed; so how would I go about changing msharris' password?
|
|
#130
April 16th, 2006, 09:12 PM
|
|||
|
|||
|
Maybe I missed it, but the codes and procedures I saw were using LDAP to connect to an AD domain. The server I'm working with is not part of an AD domain, hence LDAP queries aren't going to work quite right (right?).
Edit: I am trying to avoid using something like a net user call to cmd.exe to change things.
|
|
#131
April 17th, 2006, 02:29 PM
|
||||
|
||||
|
Oh a local user, I see, you'd have to look into the windows API IIRC, I'm not sure PHP can do it though. Maybe if you looked up how windows stores the user (file system I'd guess), then PHP could change it.
|
|
#133
July 26th, 2006, 04:02 PM
|
|||
|
|||
|
First off, this is one long thread, but it has a lot of useful info. Thanks everyone.
I'm trying to change a user's password while binding to AD as them, instead of an admin account. As others have noted: Quote:
I'm able to connect to AD 2003 using either SSL or TLS so that's not the problem. Also, authenticating is no problem. I'm using PHP 5.1.4-0.1 (debian package). Using ldap_mod_replace gives an "Insufficient Permissions" error. It wants an admin account, which I'm trying to avoid. Using ldap_mod_del then ldap_mod_add gives "No Such Attribute" and "Type Or Value Exists." This isn't surprising to me since unicodePwd needs to exist so del fails and it already exists so add fails (thank you, Captain Obvious). Also, they're not joined together as a single request so it doesn't quite match what MS says. Has anyone had any luck with this? Thanks in advance. (In case you are wondering why I don't want to use an admin account... I develop on the side. My main function is being a paranoid security analyst.  )
|
|
#134
July 27th, 2006, 04:38 PM
|
||||
|
||||
|
Quote:
What about creating an admin account that can ONLY change user passwords (ONLY non admin ones)? It can't do anything else that way the security of it is low? Other then that I don't know, I use AD but haven't had to get around to changing passwords
|
|
#135
July 27th, 2006, 04:42 PM
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
