PHP - Change Passwords @ Active Directory
Posted: Tue Jul 28, 2009 3:51 pm
Hi, I am trying to create a small script to change the password for my domain users.
My PHP server was created on Linux, and my AD is a 2003 server.
I can create any user account normally, but I can't get it to work to change the user password. I searched over the net and I found some clues...
1- Connect through port 636
2- Enable SSL certificate in my PHP server
3- And at last I'm using the following script to change the user password
Code:
$GLOBALS["AD_SERVER"] = 'ldaps://XXX.XX.0.65';
$GLOBALS["AD_BASEDN"] = 'dc=XYZ,dc=ac,dc=cr';
$GLOBALS["AD_GROUP_BASEDN"] = 'ou=group,dc=XYZ,dc=ac,dc=cr';
$GLOBALS["ad_bind_dn"] = 'adduser';
$GLOBALS["ad_bind_pass"] = '4ddU53r';
$GLOBALS["ad_port"] = 636;

function ad_cambiar_password($useruid, $newPass)
{
    // connect to ldap
    $ad_conexion = ad_conectar();
    if ($ad_conexion == false) // connection error
        return false;

    // Search the DN
    $filter = "uid=".$useruid;
    $atribute = array("uid", "gidNumber", "uidNumber", "loginShell");
    $ad_search_result = @ldap_search($ad_conexion, $GLOBALS["AD_BASEDN"], $filter, $atribute);
    if (@ldap_count_entries($ad_conexion, $ad_search_result) < 1)
    {
        //echo @ldap_count_entries($ad_conexion, $ad_search_result);
        @ldap_unbind($ad_conexion);
        return false;
    }

    // Error if result != 1
    if (@ldap_count_entries($ad_conexion, $ad_search_result) != 1)
    {
        @ldap_unbind($ad_conexion);
        //return "No existe el usuario '" . $useruid . "'. Usuario invalido";
        return false;
    }

    // Get the result info
    $ad_user_ldif_entry = @ldap_first_entry($ad_conexion, $ad_search_result);
    if (! $ad_user_ldif_entry)
    {
        @ldap_unbind($ad_conexion);
        return false;
    }

    // Get the DN user
    $ad_user_dn = @ldap_get_dn($ad_conexion, $ad_user_ldif_entry);
    if (! $ad_user_dn)
    {
        @ldap_unbind($ad_conexion);
        return false;
    }

    // Change the pass attribute
    $info["unicodePassw"] = $newPass;
    unset($newPass);
    $ldap_mod_replace_result = ldap_mod_replace($ad_conexion, $ad_user_dn, $info);
    // echo " ".ldap_errno($ad_conexion)."->".ldap_error($ad_conexion)."<br>";
    @ldap_unbind($ad_conexion);
    return $ldap_mod_replace_result;
}
But I can't get it done... the $ldap_mod_replace_result is empty and the password is still the same.
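
An added example, not part of the original post: Active Directory stores the password in the `unicodePwd` attribute and only accepts a value that is the new password wrapped in double quotes and encoded as UTF-16LE, sent over an encrypted connection such as the LDAPS port 636 setup described above. The sketch below shows an administrative reset written that way. The host, base DN, function names and the lookup by `sAMAccountName` are assumptions for illustration, and it needs the `ldap` and `mbstring` extensions.

```php
<?php
// Added example. Host and base DN are placeholders, not values from the post.
const AD_URI    = 'ldaps://dc.example.test:636';
const AD_BASEDN = 'dc=example,dc=test';

// AD only accepts unicodePwd as the password wrapped in literal
// double quotes and encoded as UTF-16LE.
function ad_encode_password(string $plain): string
{
    return mb_convert_encoding('"' . $plain . '"', 'UTF-16LE', 'UTF-8');
}

// Administrative reset: the bind account needs the "Reset password" right on the user.
function ad_reset_password(string $bindDn, string $bindPass, string $account, string $newPass): bool
{
    $conn = ldap_connect(AD_URI);
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    if (!@ldap_bind($conn, $bindDn, $bindPass)) {
        error_log('bind failed: ' . ldap_error($conn));
        return false;
    }

    // Escape the account name so user input cannot alter the search filter.
    // Assumption: accounts are looked up by sAMAccountName.
    $filter = '(sAMAccountName=' . ldap_escape($account, '', LDAP_ESCAPE_FILTER) . ')';
    $search = @ldap_search($conn, AD_BASEDN, $filter, ['sAMAccountName']);
    if ($search === false || ldap_count_entries($conn, $search) !== 1) {
        ldap_unbind($conn);
        return false;
    }
    $dn = ldap_get_dn($conn, ldap_first_entry($conn, $search));

    $ok = @ldap_mod_replace($conn, $dn, ['unicodePwd' => ad_encode_password($newPass)]);
    if (!$ok) {
        // Log the server's reason (policy violation, insufficient rights, ...).
        error_log('password reset failed: ' . ldap_error($conn));
    }
    ldap_unbind($conn);
    return $ok;
}
```

Logging `ldap_error()` after a failed modify, rather than suppressing it, is what distinguishes a wrong attribute name or encoding from a rights or password-policy rejection.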