#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2009
    Posts
    3
    Rep Power
    0

    Ldap password update on OS X Open Directory w/PHP


    Hello All,

    Anyone know how to change an OS X Open Directory password using PHP ldap_mod_replace?

    This is what I am using and it is updating the userPassword entry but I cannot authenticate with the new password.

    PHP Code:
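    $encodedPass = "{SHA}" . base64_encode(pack("H*", sha1($pass)));
    // $info is not defined in the post; assumed to hold the userPassword value it describes
    $info = array("userPassword" => $encodedPass);
    $r = ldap_mod_replace($ldapconn, "uid=" . $username . ",cn=users,dc=server,dc=domain,dc=com", $info);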
    Thanks!
  2. #2
  3. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2010
    Posts
    3
    Rep Power
    0
    Hate to bump a year-old thread, but with no response and no solution...

    So did the OP find a fix for this? I'm having the same problems:
    1. I can connect to the SSL ldaps://domain:636 and bind with any proper user. I bind with the user whose password is to change.
    2. I've tried to modify the password with ldap_mod_replace and ldap_modify. They both return true as if they have succeeded, but I can't log in with the new password.
    3. I've also tried to change the password with a superadmin login, but the modify function returns true as if it succeeded, but I still can't log in with the new password.

    I'm using Mac 10.6 Server, PHP 5.3 and LDAP V3.

    My next step is to use ldap_mod_del and add to delete the old password, then add the new password. But I'm pretty sure that will fail too.

    Sooo...any suggestions?
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2009
    Posts
    3
    Rep Power
    0
    Check out my blog, blog dot galensprague dot com for some hints with this. I have a password php app, and a forgot password app.

    Also with 10.6 server you can just turn on the wiki service and all users can update their password through there instead.

    Hope this helps!
  6. #4
  7. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2010
    Posts
    3
    Rep Power
    0
    Thanks, but I was hoping to be able to keep it in php, and not resort to exec for system calls to change the password. I like the code other than that though.

    I can't see any good reason that ldap_mod_replace shouldn't work. This is so very frustrating...
  8. #5
  9. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2009
    Posts
    3
    Rep Power
    0
    I'm pretty sure that would be a security issue. I think that is why I did it that way.
  10. #6
  11. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2010
    Posts
    3
    Rep Power
    0
    That's what I ended up doing too, but with shell_exec and making sure to escapeshellarg and escapeshellcmd the necessary bits.

    It still bothers me that I couldn't do it with the ldap functions. Ah, well.

    In the end, it works. That is ultimately the goal after all, no? I still think permissions will be the death of me.
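
An added example, not part of the thread, for the shell_exec approach described in post #6: it builds the command line so that the username and password cannot be interpreted by the shell. The dscl command, the directory node path and the function name buildPasswdCommand are assumptions, since the posts do not show the command that was used.

```php
<?php
// Added example, not code from the thread. The dscl invocation and the node
// path are assumptions; the posts do not say which system command was run.

/**
 * Build a password-change command line in which every user-supplied value
 * is passed as exactly one shell argument.
 */
function buildPasswdCommand($node, $username, $newPass)
{
    // Allow-list the account name before it becomes part of a record path.
    // \A and \z anchor the whole string, so a trailing newline is rejected.
    if (!preg_match('/\A[a-z_][a-z0-9._-]{0,30}\z/i', $username)) {
        throw new InvalidArgumentException('invalid username');
    }
    // Reject empty values and NUL bytes, which cannot be passed in an argument.
    if ($newPass === '' || strpos($newPass, "\0") !== false) {
        throw new InvalidArgumentException('invalid password');
    }
    // Quote each argument on its own with escapeshellarg(). escapeshellcmd()
    // is meant for a whole command string; run over arguments that are
    // already quoted, it re-escapes the backslash escapeshellarg() emits for
    // an embedded single quote and can undo the quoting.
    $args = array($node, '-passwd', '/Users/' . $username, $newPass);
    return '/usr/bin/dscl ' . implode(' ', array_map('escapeshellarg', $args));
}

// Constructed inputs: a password containing a quote and shell metacharacters.
$cmd = buildPasswdCommand('/LDAPv3/127.0.0.1', 'jdoe', "pa'ss; id #");
echo $cmd, PHP_EOL;

// A username that tries to break out of the record path is refused.
try {
    buildPasswdCommand('/LDAPv3/127.0.0.1', "jdoe /tmp/x", 'secret');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Arguments passed this way are visible in the process list to other local users while the command runs.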
