PHP - Change Passwords @ Active Directory

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

overon
Forum Newbie
Posts: 1
Joined: Tue Jul 28, 2009 3:01 pm

PHP - Change Passwords @ Active Directory

Post by overon »

Hi, I am trying to create a small script to change the password for my domain users.
My PHP server was created on Linux, and my AD is a 2003 server.
I can create any user account normally, but I can't get it to work to change the user password. I searched over the net and found some clues:
1- Connect through port 636
2- Enable the SSL certificate on my PHP server
3- And at last I'm using the following script to change the user password

Code:

$GLOBALS["AD_SERVER"]       = 'ldaps://XXX.XX.0.65';
$GLOBALS["AD_BASEDN"]       = 'dc=XYZ,dc=ac,dc=cr';
$GLOBALS["AD_GROUP_BASEDN"] = 'ou=group,dc=XYZ,dc=ac,dc=cr';
$GLOBALS["ad_bind_dn"]      = 'adduser';
$GLOBALS["ad_bind_pass"]    = '4ddU53r';
$GLOBALS["ad_port"]         = 636;

// Connect to the AD server and bind with the service account.
// (Not shown in the original post; a minimal version is filled in here so the script runs.)
// Returns the connection on success, false on failure.
function ad_conectar()
{
    $ad_conexion = @ldap_connect($GLOBALS["AD_SERVER"], $GLOBALS["ad_port"]);
    if ($ad_conexion == false)
        return false;
    ldap_set_option($ad_conexion, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ad_conexion, LDAP_OPT_REFERRALS, 0);
    if (! @ldap_bind($ad_conexion, $GLOBALS["ad_bind_dn"], $GLOBALS["ad_bind_pass"]))
    {
        @ldap_unbind($ad_conexion);
        return false;
    }
    return $ad_conexion;
}

function ad_cambiar_password($useruid, $newPass)
{
    // Connect to LDAP
    $ad_conexion = ad_conectar();
    if ($ad_conexion == false) // connection error
        return false;

    // Search for the user's DN
    $filter = "uid=" . $useruid;
    $atribute = array("uid", "gidNumber", "uidNumber", "loginShell");

    $ad_search_result = @ldap_search($ad_conexion, $GLOBALS["AD_BASEDN"], $filter, $atribute);
    if ($ad_search_result == false || @ldap_count_entries($ad_conexion, $ad_search_result) < 1)
    {
        //echo @ldap_count_entries($ad_conexion, $ad_search_result);
        @ldap_unbind($ad_conexion);
        return false;
    }

    // Error if result != 1
    if (@ldap_count_entries($ad_conexion, $ad_search_result) != 1)
    {
        @ldap_unbind($ad_conexion);
        //return "User '" . $useruid . "' does not exist. Invalid user";
        return false;
    }

    // Get the result info
    $ad_user_ldif_entry = @ldap_first_entry($ad_conexion, $ad_search_result);
    if (! $ad_user_ldif_entry)
    {
        @ldap_unbind($ad_conexion);
        return false;
    }

    // Get the user's DN
    $ad_user_dn = @ldap_get_dn($ad_conexion, $ad_user_ldif_entry);
    if (! $ad_user_dn)
    {
        @ldap_unbind($ad_conexion);
        return false;
    }

    // Change the password attribute (as posted: attribute name and plain-text value unchanged)
    $info["unicodePassw"] = $newPass;
    unset($newPass);

    $ldap_mod_replace_result = ldap_mod_replace($ad_conexion, $ad_user_dn, $info);
    // echo " " . ldap_errno($ad_conexion) . "->" . ldap_error($ad_conexion) . "<br>";
    @ldap_unbind($ad_conexion);
    return $ldap_mod_replace_result;
}


But I can't get it done... $ldap_mod_replace_result is empty and the password is still the same.
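The thread has no answer, so the following is an added example (not the original poster's code) of how the change is actually done against Active Directory. The posted script fails on several points: the attribute is unicodePwd, not unicodePassw; its value must be the new password wrapped in literal double quotes and encoded as UTF-16LE, not the bare UTF-8 string; AD only accepts a unicodePwd modification over a TLS-protected session (over plain port 389 the result is errno 53, "Unwilling to perform"); and AD does not populate uid by default, so the lookup should filter on sAMAccountName. The example also escapes the search value, because the posted filter concatenates the login name straight into the LDAP filter, and refuses an empty bind password, which the ldap extension would otherwise send as an anonymous bind that "succeeds". Host name, base DN, account names and the AD_BIND_PASSWORD environment variable are placeholders; the DC's CA certificate is assumed to be trusted by the OpenLDAP client library (TLS_CACERT in ldap.conf); the bind account used for a reset must hold the "Reset Password" right on the target user; and the code needs PHP 7.1 or later (ldap_escape and ldap_modify_batch did not exist in the PHP of 2009).

```php
<?php
// Added example, not the forum poster's code: reset or change an AD user's
// password over LDAPS with PHP's ldap extension.
// Assumptions (placeholders): AD_URI, AD_BASEDN, the bind UPN and the user
// name below; the DC's CA certificate is trusted via TLS_CACERT in ldap.conf.
declare(strict_types=1);

const AD_URI    = 'ldaps://dc01.example.local';   // placeholder
const AD_BASEDN = 'dc=example,dc=local';          // placeholder

// unicodePwd wants the password inside literal double quotes, as UTF-16LE.
function adEncodePassword(string $password): string
{
    return iconv('UTF-8', 'UTF-16LE', '"' . $password . '"');
}

// Connect over LDAPS and do a simple bind. An empty password would turn the
// bind into an anonymous one, so it is rejected up front.
function adConnect(string $bindDn, string $bindPassword)
{
    if ($bindPassword === '') {
        throw new InvalidArgumentException('refusing empty bind password (anonymous bind)');
    }
    $conn = ldap_connect(AD_URI);
    if ($conn === false) {
        throw new RuntimeException('ldap_connect failed for ' . AD_URI);
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0); // AD referrals otherwise break searches
    if (!@ldap_bind($conn, $bindDn, $bindPassword)) {
        throw new RuntimeException('bind failed: ' . ldap_error($conn));
    }
    return $conn;
}

// Resolve the user's DN by sAMAccountName (AD does not fill "uid" by default).
// The value is escaped so a login like "*)(objectClass=*" cannot rewrite the filter.
function adFindUserDn($conn, string $samAccountName): string
{
    $filter = sprintf('(&(objectClass=user)(sAMAccountName=%s))',
                      ldap_escape($samAccountName, '', LDAP_ESCAPE_FILTER));
    $result = ldap_search($conn, AD_BASEDN, $filter, ['sAMAccountName']);
    if ($result === false || ldap_count_entries($conn, $result) !== 1) {
        throw new RuntimeException("expected exactly one entry for $samAccountName");
    }
    $entry = ldap_first_entry($conn, $result);
    $dn = $entry === false ? false : ldap_get_dn($conn, $entry);
    if ($dn === false) {
        throw new RuntimeException('could not read DN: ' . ldap_error($conn));
    }
    return $dn;
}

// Administrative reset: the bound account needs "Reset Password" on the user.
// errno 53 here means the session is not TLS-protected; errno 19 means the
// new password violates the domain policy.
function adResetPassword($conn, string $userDn, string $newPassword): void
{
    $ok = ldap_mod_replace($conn, $userDn, ['unicodePwd' => adEncodePassword($newPassword)]);
    if (!$ok) {
        throw new RuntimeException('reset failed: ' . ldap_errno($conn) . ' ' . ldap_error($conn));
    }
}

// Self-service change: bind as the user, then remove the old value and add the
// new one in a single batch; AD verifies the old password and applies policy.
function adChangeOwnPassword($conn, string $userDn, string $oldPassword, string $newPassword): void
{
    $mods = [
        ['attrib' => 'unicodePwd', 'modtype' => LDAP_MODIFY_BATCH_REMOVE,
         'values' => [adEncodePassword($oldPassword)]],
        ['attrib' => 'unicodePwd', 'modtype' => LDAP_MODIFY_BATCH_ADD,
         'values' => [adEncodePassword($newPassword)]],
    ];
    if (!ldap_modify_batch($conn, $userDn, $mods)) {
        throw new RuntimeException('change failed: ' . ldap_errno($conn) . ' ' . ldap_error($conn));
    }
}

// Usage (placeholders): reset "jdoe" with a service account whose password
// comes from the environment rather than a literal in the script.
$conn = adConnect('pwreset@example.local', (string) getenv('AD_BIND_PASSWORD'));
$dn   = adFindUserDn($conn, 'jdoe');
adResetPassword($conn, $dn, 'N3w-Passw0rd!');
ldap_unbind($conn);
```

For the self-service path, call adConnect with the user's own UPN and current password and then adChangeOwnPassword with the same old and new values; the service account is not involved, so a web form that lets users change their own password does not need a privileged credential on the PHP host at all. Whichever path is used, keep the bind password out of the source file and do not suppress ldap errors with @, since the errno is what tells the two failure modes (no TLS versus password policy) apart.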