juupiter

Reputation: 33

Add password user using LDAP PHP

I searched every day for my problem, I tried many solutions and I didn't find anything... :(

I want to create a user using ldap_add with PHP. It works fine without enabling the account and without a password. You can find the code below.

Can you help me, please?

Config : PHP 5.6 Windows Server 2012 R2 with AD

I can enable an account when I use $info["useraccountcontrol"]=544; but the account doesn't have a password... The user must log on without a password and type his new password at the first connection.

I tried to add a password with $info['userPassword'] and change useraccountcontrol to 512, and I get this error:

ldap_add(): Add: Server is unwilling to perform

Here is my code :

<?php
$name = htmlspecialchars($_POST["name_build"]);
$lastname = htmlspecialchars($_POST["lastname_build"]);
$department = utf8_encode(htmlspecialchars($_POST["department_build"]));
$title = utf8_encode(htmlspecialchars($_POST["title_build"]));
$dn="CN=$name OU=Users, o=Domocom, c=net";

$ds = ldap_connect("192.168.1.1",389);  
if ($ds) {

    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); // IMPORTANT
    ldap_bind($ds, "[email protected]", "password");

    // Prepare the data
    $cn = $info["cn"] = "$lastname $name";
    $info["sn"]="$name";
    $info["givenname"]="$lastname";
    $info["displayname"]="$lastname $name";
    $info["name"]="$lastname $name";
    $info["userprincipalname"]= "[email protected]";
    $info["samaccountname"]= "$lastname.$name";
    $info["title"]="$title";
    $info["department"]="$department";
    $info["mail"]="[email protected]";
    $info["postalcode"]="69009";
    $info["objectClass"][0]="user";
    //$info['userPassword'] = "password";
    //$info["useraccountcontrol"]=544;

    $r = ldap_add($ds,"CN=$cn,OU=Users,OU=Direction,OU=Domocom-SP,DC=domocom,DC=net", $info);
    ldap_close($ds);
} else {
    echo "unable to connect to ldap server";
}
?>

Thanks a lot.

PS: it's a fake society for my school. :p

Upvotes: 2

Views: 2809

Answers (1)

heiglandreas

Reputation: 3861

If it's an AD, you might need to use a secure LDAP connection.

For that you'll need to call ldap_connect('ldaps://192.168.1.1:<port of the AD>');. Calling ldap_connect with two parameters is deprecated and should be avoided. Use it with an LDAP-URI!

You can also omit the if…else around the ldap_connect as it will return true in almost all cases. And a true return value does not mean that a connection to the server actually was established. A connection is first established on the first ldap_-command that needs a connection, which is typically ldap_bind.

And then you might want to have a look at Change AD password using PHP, Issue updating AD password using PHP and Change AD Password using PHP/COM/ADSI/LDAP

Upvotes: 1
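
Added example, not code from either poster: creating the account enabled and with a password in a single ldap_add call. Active Directory takes the password in the unicodePwd attribute as a double-quoted UTF-16LE string and only accepts it over an encrypted connection, such as the ldaps:// URI recommended in the answer. The function names, the example.test names and the sample password are assumptions made for this example, which expects PHP 7.1+ with the ldap and mbstring extensions.

```php
<?php
// Added example: function names, example.test names and values are placeholders.

// AD expects unicodePwd as the password wrapped in double quotes, UTF-16LE encoded.
function encodeAdPassword(string $plain): string
{
    return mb_convert_encoding('"' . $plain . '"', 'UTF-16LE', 'UTF-8');
}

// ldap_escape() (not htmlspecialchars()) keeps "," or "+" in a name inside the RDN.
function buildUserDn(string $cn, string $baseDn): string
{
    return 'CN=' . ldap_escape($cn, '', LDAP_ESCAPE_DN) . ',' . $baseDn;
}

function buildUserEntry(string $given, string $sn, string $upnSuffix, string $password): array
{
    return [
        'objectClass'        => ['top', 'person', 'organizationalPerson', 'user'],
        'cn'                 => "$given $sn",
        'givenName'          => $given,
        'sn'                 => $sn,
        'sAMAccountName'     => "$given.$sn",
        'userPrincipalName'  => "$given.$sn@$upnSuffix",
        'unicodePwd'         => encodeAdPassword($password),
        'userAccountControl' => '512', // NORMAL_ACCOUNT, enabled
    ];
}

function createAdUser(string $uri, string $bindUser, string $bindPw, string $dn, array $entry): void
{
    // This example only accepts ldaps://, so the password never travels in clear text.
    if (stripos($uri, 'ldaps://') !== 0) {
        throw new InvalidArgumentException('unicodePwd requires an encrypted connection');
    }
    $ds = ldap_connect($uri);
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    if (!@ldap_bind($ds, $bindUser, $bindPw)) {
        throw new RuntimeException('bind failed: ' . ldap_error($ds));
    }
    if (!@ldap_add($ds, $dn, $entry)) {
        throw new RuntimeException('add failed: ' . ldap_error($ds));
    }
    ldap_unbind($ds);
}

// Offline demonstration with constructed values (no server is contacted).
$entry = buildUserEntry('Jane', 'Doe', 'example.test', 'Constructed-Passw0rd!');
echo buildUserDn('Doe, Jane', 'OU=Users,DC=example,DC=test'), PHP_EOL;
echo bin2hex($entry['unicodePwd']), PHP_EOL;
```

For a real directory, call createAdUser() with the DN and entry built above; the PHP host must trust the certificate the domain controller presents on the LDAPS port.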
