I've been creating a web portal to allow our staff to change their AD passwords. While I can change the users password using ldap_mod_replace when admin credentials are used for the ldap_bind, it won't work when I bind with the users credentials. Is there something more I need to do to allow a user to change their own password?
This is a snippet of my code that does the password change.
$ldap_conn = ldap_connect($ldap_host);
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
$ldap_username = $_SESSION['User'];
$ldap_oldpassword = $_POST['oldpswd'];
$ldap_newpassword = $_POST['newpswd'];
$ldap_confirmnewpassword = $_POST['newpswdconfirm'];
if (ldap_bind($ldap_conn, $ldap_username, $ldap_oldpassword)) {
//encode password
if ($ldap_newpassword == $ldap_confirmnewpassword){
$pwdtxt = $ldap_newpassword;
$newPassword = '"' . $pwdtxt . '"';
$newPass = iconv( 'UTF-8', 'UTF-16LE', $newPassword );
$userdata["unicodepwd"] = $newPass;
// change password
$userDn = $_SESSION['DN'];
$result = ldap_mod_replace($ldap_conn, $userDn, $userdata);
if ($result) {
echo "User modified!";
}
}
else{
$response = "failed";
echo $response;
}
}
else {
ldap_get_option($ldap_conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $extended_error);
$response = $extended_error;
echo json_encode(array($response));
}
Thanks
