Mr. Yoso

Reputation: 13

LDAP CHANGE PASSWORD PHP

I want to change user's password [unicodePwd] on Windows Active Directory using PHP LDAP.

I am using Windows Active Directory via PHP LDAP.

I don't have any issues connecting to it.

I don't have any issues collecting data.

I don't have any issues changing attributes using ldap_mod_replace or ldap_modify, except for "unicodePwd".

*note that this works:

$user['telephonenumber'] = '1234567890';

*note that this doesn't work:

$user['unicodePwd'] = mb_convert_encoding('my_new_password', "UTF-16LE");

// CODE

$result = ldap_modify($ldap, $dn, $user);
return ldap_error($ldap);

// CODE

// ERROR ON CHANGING unicodePwd

ldap_modify(): Modify: Server is unwilling to perform

// NO ERROR FOR telephonenumber

I can't set up my server to have LDAP over SSL. I already tried installing AD CS; nothing has worked so far. I'm still configuring my server. Any idea about installing a CA (Certificate Authority) to be used for LDAP over SSL?

I have already set up LDAP over SSL, and I can also use LDAP from

cmd -> ldp; port 389 works, and 636 with SSL is good.

But when I run it in my PHP using port 636 or ldaps://servername, this is the error:

ldap_bind(): Unable to bind to server: Can't contact LDAP server

Upvotes: 1

Views: 5459

Answers (2)

SUICIDE

Reputation: 1

I'm trying to do the same script and have fixed your problem (ldap_modify(): Modify: Server is unwilling to perform)

by changing from: $user['unicodePwd'] to: $user['userPassword']

After using ldap_mod_replace everything is okay. No errors, but the password-changing script didn't change my test user's password. Don't know why. There is no error. I have checked the LDAP server logs and see only the connection login from the IP where the script is, but there is no log about changing the user's password.

Upvotes: 0

timclutton

Reputation: 13004

You need to be on a secured connection to modify a password (and probably other security related options).

Add the following before you call ldap_bind():

ldap_start_tls($ldap);

This is a good idea even if you aren't trying to change a password as otherwise your bind operation is cleartext and can be sniffed.


If you see this error:

Warning: ldap_start_tls(): Unable to start TLS: Connect error in ...

You can work around the issue by adding the following line before you call ldap_connect:

putenv('LDAPTLS_REQCERT=never');

WARNING: This disables checking the validity of the LDAP server certificate! Ideally you should add the server certificate (or its signing CA) to your trusted store.

Upvotes: 1
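Putting the two halves of this thread together, here is an added example (not code from the question or either answer) of an administrative password reset over a TLS-protected connection. The host, DNs and passwords are placeholders; the one detail neither post states is that Active Directory expects the unicodePwd value to be the new password wrapped in double quotes before UTF-16LE encoding.

```php
<?php
// Added example: reset an AD user's unicodePwd over LDAPS.
// Host, DNs and passwords below are placeholders, not values from the thread.
declare(strict_types=1);

// AD requires unicodePwd to be the password enclosed in double quotes and
// encoded as UTF-16LE. Without the quotes, or over a cleartext connection,
// the server answers "Server is unwilling to perform".
function encodeUnicodePwd(string $password): string
{
    return mb_convert_encoding('"' . $password . '"', 'UTF-16LE', 'UTF-8');
}

function setAdPassword(
    string $host, string $adminDn, string $adminPw, string $userDn, string $newPw
): void {
    // LDAPS on 636; ldap_start_tls() on 389 is the equivalent alternative.
    // Certificate verification is left at its default (enabled), so the
    // server certificate or its CA must be in the client's trust store.
    $ldap = ldap_connect("ldaps://$host");
    if ($ldap === false) {
        throw new RuntimeException('invalid LDAP URI');
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

    if (!@ldap_bind($ldap, $adminDn, $adminPw)) {
        throw new RuntimeException('bind failed: ' . ldap_error($ldap));
    }

    // Replace only unicodePwd (an administrative reset). Sending the whole
    // $user array, as the question does, would rewrite unrelated attributes.
    $entry = ['unicodePwd' => encodeUnicodePwd($newPw)];
    if (!@ldap_mod_replace($ldap, $userDn, $entry)) {
        throw new RuntimeException('password change failed: ' . ldap_error($ldap));
    }
    ldap_unbind($ldap);
}

// Placeholder usage (hypothetical domain, DNs and secrets).
setAdPassword(
    'dc01.example.local',
    'CN=svc-pwreset,OU=Service Accounts,DC=example,DC=local',
    getenv('PWRESET_BIND_PW') ?: '',
    'CN=Test User,OU=Users,DC=example,DC=local',
    'N3w-P@ssword!'
);
```

A user changing their own password is a different modify: a delete of the old quoted, UTF-16LE value followed by an add of the new one in the same operation, rather than the replace shown here.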
