dscrn1974 2018-06-06 04:04
浏览 105
已采纳

LDAP CHANGE PASSWORD PHP

I want to change user's password [unicodePwd] on Windows Active Directory using PHP LDAP.

I am using Windows Active Directory via PHP LDAP.

I don't have any issues connection to it.

I don't have any issues collecting data.

I don't have any issues changing attributes using ldap_mod_replace or ldap_modify

except for the "unicodePwd".

*note that this works

$user['telephonenumber'] = '1234567890';

*note that this does'nt work

$user['unicodePwd'] = mb_convert_encoding('my_new_password', "UTF-16LE");

// CODE

$result = ldap_modify($ldap, $dn, $user);
return ldap_error($ldap);

// CODE

// ERROR ON CHANGING unicodePwd

ldap_modify(): Modify: Server is unwilling to perform

// NO ERROR FOR telephonenumber

  • 06/11/2018 Problem,

I can't setup my server to have ldap over ssl. Already tried installing AD CS, nothing worked so far. Still configuring my server any idea about installing CA(Certificate Authority) to be used in LDAP over SSL?

  • 06/20/2018 Problem, NEW PROBLEM

Already setup LDAP OVER SSL, i can also use ldap using the

cmd->ldp; port 389, and 636 with ssl is good.

but when i run it in my php using port 636 or ldaps://servername this is the error,

ldap_bind(): Unable to bind to server: Can't contact LDAP server
  • 写回答

1条回答 默认 最新

  • douliu8327 2018-06-07 08:19
    关注

    You need to be on a secured connection to modify a password (and probably other security related options).

    Add the following before you call ldap_bind():

    ldap_start_tls($ldap);
    

    This is a good idea even if you aren't trying to change a password as otherwise your bind operation is cleartext and can be sniffed.


    If you see this error:

    Warning: ldap_start_tls(): Unable to start TLS: Connect error in ...

    You can workaround the issue by adding the following line before you call ldap_connect:

    putenv('LDAPTLS_REQCERT=never');
    

    WARNING: This disables checking the validity of the LDAP server certificate! Ideally you should add the server certificate (or its signing CA) to your trusted store.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥30 求安卓设备利用一个typeC接口,同时实现向pc一边投屏一边上传数据的解决方案。
  • ¥15 SQL Server analysis services 服务启动失败
  • ¥15 用html创建一个个人网页,提供网页页面
  • ¥20 java项目连接SqlServer数据库报错
  • ¥15 基于面向对象的图书馆借阅管理系统
  • ¥15 opencv图像处理,需要四个处理结果图
  • ¥20 centos linux 7.9安装php8.2.18不支持mysqli模块的问题
  • ¥15 stata空间计量LM检验
  • ¥15 NAO机器人说出txt文本内容
  • ¥15 关于k8s node节点被释放后如何驱逐节点并添加新节点