Page 1 of 1

setting a LDAP password

Posted: Thu Jun 01, 2006 4:14 am
by kamme
Hello, I'm having problems with PHP5 and setting the ldap password.

I can auth and bind and such using and account I've made on the win2003 box, but when I try to make a new account in php I can't bind it because of an 'wrond credentials' error. When I go to the win2003 box and reset the password to the same value (example: when I made the user in php I put in 'buhbuhbuh' as pass, and on the win2003 box I reset the pass to 'buhbuhbuh') I can bind all of a sudden...

I've looked on php.net, google, ... but I didn't find anything that works. I've even used phpldapadmin to set the password, but that didn't work either...

I've been working on it for almost a week now so I'm getting out of idea's...

Any help would be appreciated!

Posted: Thu Jun 01, 2006 9:57 am
by pickle
Setting a password on an account is different than setting other properties. In NDS (Novell's implementation of a Directory Service), this is how I have to do it on my system:

Code: Select all

$update_context = "cn=joeUser,o=MyOrg";
$conn = ldap_connect('ldap://my.ldap.ip');
ldap_bind($conn,$bind_context,$bind_password);

$userdata['userpassword'] = 'submitted password';//the field 'userpassword' will probably change between DS implementations
ldap_mod_replace($conn,$update_context,$userdata);
You should also check to make sure that the user you're binding with has the proper permissions to create a new user AND to set a password - they might be different permissions.

Posted: Fri Jun 02, 2006 4:04 am
by kamme
First of all, thank you for the reply.

I've allready tried your suggestion, but that didn't work either.

This is a piece of code I am using:

Code: Select all

$userdata["UserPassword"] = "buhbuhbuh";
$result = ldap_mod_replace($ldap, $base_dn, $userdata);
if ($result) 
echo "User modified!<br>" ;
else 
echo "There was a problem!<br>";

ldap_close($ldap);
It tells me:

User modified!

But when I do a bind afterwards, it tells me:

Warning: ldap_bind() [function.ldap-bind]: Unable to bind to server: Invalid credentials in /home/kim/public_html/pas.php on line 47
Could not bind to the LDAP account

Note that it's a windows 2003 server and I'm createing the user as administrator...

I'm really stuck here...

Posted: Fri Jun 02, 2006 9:31 am
by pickle
You should check whatever documentation you have to double-check the variable name for the password. It's 'userpassword' in my particular instance of NDS, but it's almost certainly different in Active Directory.

Have you checked Active Directory documentation to see if it's even possible to change the password via LDAP?