2015-09-24 55 views
2

I want to change an LDAP directory user's password with PHP. ldap_mod_replace returns true, but the password does not change.

After I bind to LDAP, I search for the desired user by sAMAccountName and retrieve the DN:

    $filter = "(samaccountname=desiredname.desiredname)";

    $result = ldap_search($lh, $personnel_base, $filter) or die(ldap_error($lh));
    //$data = ldap_get_entries($lh, $result);
    $entry = ldap_first_entry($lh, $result);
    $attributes = ldap_get_attributes($lh, $entry);
    $dn = ldap_get_dn($lh, $entry);   // DN of the matched user, used in the modify below

Then I change the password with ldap_mod_replace:

    $newpass = "Cevadetest123#!";

    // write an RFC 2307 style {MD5} hash of the new password into userPassword
    ldap_mod_replace($lh, $dn, array('userpassword' => "{MD5}" . base64_encode(pack("H*", md5($newpass))))) or die(ldap_error($lh));

    echo "Password changed!";

Although I get the "Password changed!" output, the password stays the same.

Any suggestions?

EDIT: I just noticed that the userpassword attribute does change, but to log in via LDAP I still have to use the old password! What is going on?

+0

Who is actually binding to LDAP? Is the user that binds to LDAP actually allowed to read the password of the user in question? – heiglandreas

+0

@heiglandreas I found the answer and posted it –

Answer

2

I found the answer. First, the field I have to change is unicodePwd, which cannot be read, only modified. To write to this field you must first establish a secure connection to LDAP, so the hostname is: ldaps://hostname.something.local

The next important step is to encode the password before writing it to the field:

    $newpassword = "HelloWorld123";
    $newpassword = "\"" . $newpassword . "\"";                       // AD expects the value wrapped in double quotes...
    $newPass = mb_convert_encoding($newpassword, 'UTF-16LE', 'UTF-8'); // ...and encoded as UTF-16LE

You can find the full code here

I'll paste it below in case something happens to the link:

    ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
    $ldapconn = ldap_connect('ldaps://127.0.0.1', 636);
    ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
    $ldapuser = "ldapuser";
    $ldappwd = "*****";

    // values submitted by the password-change form
    $username     = $_POST['username'] ?? '';
    $oldpassword  = $_POST['oldpassword'] ?? '';
    $newpassword  = $_POST['newpassword'] ?? '';
    $newpassword2 = $_POST['newpassword2'] ?? '';

    // search for user
    ldap_bind($ldapconn, "CN=$ldapuser,CN=Users,DC=my,DC=company,DC=example", $ldappwd);

    // escape the user-supplied value so it cannot alter the search filter
    $filter = "(sAMAccountName=" . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ")";
    $res_id = ldap_search($ldapconn, "CN=Users,DC=my,DC=company,DC=example", $filter);
    if ($res_id) {
        $entry_id = ldap_first_entry($ldapconn, $res_id);
        if ($entry_id) {
            $user_dn = ldap_get_dn($ldapconn, $entry_id);
            if ($user_dn) {
                // check if the old password allows a successful login
                $ldapbind = ldap_bind($ldapconn, $user_dn, $oldpassword);
                if ($ldapbind) {
                    if (strcmp($newpassword, $newpassword2) == 0) {

                        // create the unicode password
                        $newpassword = "\"" . $newpassword . "\"";
                        $newPass = mb_convert_encoding($newpassword, "UTF-16LE", "UTF-8");

                        // rebind as admin to change the password
                        ldap_bind($ldapconn, "CN=$ldapuser,CN=Users,DC=my,DC=company,DC=example", $ldappwd);

                        $pwdarr = array('unicodePwd' => $newPass);
                        if (ldap_mod_replace($ldapconn, $user_dn, $pwdarr)) {
                            print "<p class='success'>Change password succeeded.</p>\n";
                        } else {
                            print "<p class='error'>Change password failed.</p>\n";
                        }
                    } else {
                        print "<p class='error'>New password must be entered the same way twice.</p>\n";
                    }
                } else {
                    print "<p class='error'>Wrong user name or password.</p>\n";
                }
            } else {
                print "<p class='error'>Couldn't load user data.</p>\n";
            }
        } else {
            print "<p class='error'>Couldn't find user data.</p>\n";
        }
    } else {
        print "<p class='error'>Username was not found.</p>\n";
    }
    if (ldap_error($ldapconn) != "Success") {
        print "<p class='error'>LDAP Error:<br />\n";
        var_dump(ldap_error($ldapconn));
        print "</p>\n";
    }
    @ldap_close($ldapconn);
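As an added example that is not part of the answer above: the unicodePwd encoding from the answer factored into a helper, used both for the administrative reset the answer performs and for a self-service change that stays bound as the user (a single modify that deletes the old value and adds the new one), so the page does not need to rebind with an administrative account. Function names, the host, the DN and the passwords are assumptions.

```php
<?php
// Added example, not from the original post. Helper names are hypothetical.
// Both operations need an encrypted connection (ldaps:// or ldap_start_tls);
// Active Directory refuses any write to unicodePwd over a plain connection.

// Build the value AD expects in unicodePwd: the password wrapped in double
// quotes, encoded as UTF-16LE. The input is assumed to be UTF-8.
function ad_unicode_pwd(string $password): string
{
    return mb_convert_encoding('"' . $password . '"', 'UTF-16LE', 'UTF-8');
}

// Administrative reset: a single replace of unicodePwd. The bound account
// needs the "Reset password" right on the target; the old password is not needed.
function ad_reset_password($conn, string $userDn, string $newPassword): bool
{
    return ldap_mod_replace($conn, $userDn, ['unicodePwd' => ad_unicode_pwd($newPassword)]);
}

// Self-service change: one modify operation that removes the old value and
// adds the new one. AD treats this as a password change by the user, so it
// works while bound as that user, requires the old password to be correct,
// and enforces the domain password policy.
function ad_change_own_password($conn, string $userDn, string $oldPassword, string $newPassword): bool
{
    $mods = [
        ['attrib' => 'unicodePwd', 'modtype' => LDAP_MODIFY_BATCH_REMOVE,
         'values' => [ad_unicode_pwd($oldPassword)]],
        ['attrib' => 'unicodePwd', 'modtype' => LDAP_MODIFY_BATCH_ADD,
         'values' => [ad_unicode_pwd($newPassword)]],
    ];
    return ldap_modify_batch($conn, $userDn, $mods);
}

// Usage (host, DN and passwords are placeholders).
$conn = ldap_connect('ldaps://dc.example.local', 636);
ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
$userDn = 'CN=jdoe,CN=Users,DC=example,DC=local';
if (ldap_bind($conn, $userDn, 'OldPassw0rd!')
    && ad_change_own_password($conn, $userDn, 'OldPassw0rd!', 'NewPassw0rd!')) {
    echo "Password changed\n";
} else {
    echo 'Failed: ' . ldap_error($conn) . "\n";
}
ldap_close($conn);
```

Because the self-service path never holds administrative credentials, a compromise of the web application yields only the rights of the user who is logged in.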