douju2012 2015-03-18 06:31
浏览 108
已采纳

使用PHP更新AD密码问题

Hi I have written following script to update a password for a specific user

<?php

function create_ldap_connection() {

        $ip = "192.168.168.1";
        $ldaps_url = "192.168.168.1";

        $port = 389;
        $ldap_conn = ldap_connect($ldaps_url, $port) or die("Sorry! Could not connect to LDAP server ($ip)");

        $password = "password";
        $binddn = "CN=Administrator,CN=Users,DC=ad,DC=test,DC=com";
        $result = ldap_bind( $ldap_conn, $binddn, $password ) or die("  Error: Couldn't bind to server using provided credentials!");

        if($result) {

                return $ldap_conn;
        }
        else {
                die (" Error: Couldn't bind to server with supplied credentials!");
        }
}

function get_user_dn($ldap_conn, $user_name) {

        /* Write the below details as per your AD setting */
        $basedn = "OU=ITS Users,DC=ad,DC=test,DC=com";

        /* Search the user details in AD server */
        $searchResults = ldap_search($ldap_conn, $basedn, $user_name);

        if(!is_resource($searchResults)) die('Error in search results.');
        /* Get the first entry from the searched result */
        $entry = ldap_first_entry($ldap_conn, $searchResults);

        $info = ldap_get_entries($ldap_conn, $searchResults);
        echo $info["count"]." entries returned
";

        return ldap_get_dn($ldap_conn, $entry);
}

function pwd_encryption($newPassword) {

        $newPassword = "\"" . $newPassword . "\"";
        $len = strlen($newPassword);
        $newPassw = "";

        for ($i = 0; $i < $len; $i++) {

                $newPassw .= "{$newPassword {$i}}\000";
        }

        $userdata["unicodePwd"] = $newPassw;
        return $userdata;
}

$user_name = "(|(sn=archieg*)(SamAccountName=archieg*))";

$user_password = "password!1234";
$ldap_conn = create_ldap_connection();
$userDn = get_user_dn($ldap_conn, $user_name);
$userdata = pwd_encryption ($user_password);

print_r($userdata);

//$result = ldap_mod_replace($ldap_conn, $userDn , $userdata);  /* Check whether the password updated successfully or not. */
$result = ldap_modify($ldap_conn, $userDn , $userdata);

if($result) {

        echo "Success attempting to modify password in AD";
}
else {

        echo "Error: Please try again later!
";
        $e = ldap_error($ldap_conn);
        $e_no = ldap_errno($ldap_conn);
        echo $e . "
";
        echo $e_no . "
";
}

?>

However when I run this I get the following error,

[root@web chpasswd]# php ad_change.php 
PHP Warning:  Module 'intl' already loaded in Unknown on line 0
1 entries returned
Array
(
    [unicodePwd] => "password!1234"
)
Error: Please try again later!
Server is unwilling to perform
53
[root@web chpasswd]# 

What am I doing wrong here? I've been playing around with the encryption but that didn't help either. I have Windows Server 2012 R2 Active Directory.

Many Thanks

  • 写回答

1条回答 默认 最新

  • dqgg25493 2015-03-19 05:05
    关注

    It worked out that this wasn't a issue with my code. I had to setup certificate authority on my server. This is what I did,

    Make sure your PHP install has both the ldap and openssl extensions enabled.

    Windows/Linux Procedure

    Verify the ldap.conf file settings.

    For Windows, verify that the C:\openldap\sysconf\ldap.conf file exists.

    For Linux, verify that the /etc/openldap/ldap.conf file exists. If it does not, create it.

    For both Linux and Windows, the ldap.conf file should contain this line: ** -

    TLS_REQCERT never

    If you want php to verify the ldap server's ssl certificate with the Certificate Authority that issued the certificate, you need to put the root certificate here: Export the trusted root Certificate. (For details, see Step 1 in How to test LDAP over SSL).

    Use this command to convert the DER to PEM:

    openssl x509 -in RootCert.der -inform DER -out RootCert.pem -outform PEM

    On Windows you can download openssl binaries from these two sites:

    http://gnuwin32.sourceforge.net/packages.html

    http://www.ShininglightPro.com/

    Now copy the rootcert.pem to the certs folder:

    For Linux, /etc/openldap/cert/rootcert.pem

    For Windows, C:\openldap\sysconf\certsootcert.pem

    For both Linux and Windows, the ldap.conf file should contain this line:

    (Linux) TLS_CACERT /etc/openldap/cert/rootcert.pem

    (Windows) TLS_CACERT c:\OpenLDAP\sysconf\certsootcert.pem

    You can find my latest code on https://github.com/achintha85/AD_User_Password_Change_PHP

    Hope this helps someone in the future.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 电脑开机过商标后就直接这样,求解各位
  • ¥15 mysql , 用自己创建的本地主机和用户名 登录不上
  • ¥15 关于#web项目#的问题,请各位专家解答!
  • ¥15 vmtools环境不正常
  • ¥15 请问如何在Ubuntu系统中安装使用microsoft R open?
  • ¥15 jupyter notebook
  • ¥30 informer时间序列预测
  • ¥20 SSR引物多态性分析
  • ¥15 大漠插件在Win11易语言注册调用和免注册灵异事件,VS上注册调用完全没问题
  • ¥15 Addressable缓存机制做热更新的问题