
How to modify the "cn" and "name" attributes in Active Directory via PHP LDAP class

I am trying to change the Active Directory information using a PHP script.

I was able to change all the attributes that I need except the "cn" and the "name" attributes.

When I tried changing them, I got the error "Server is unwilling to perform":

Warning: ldap_modify(): Modify: Server is unwilling to perform

Also, when I try to change the password, it does not work. I don't get any errors or warnings, but it does not change the password. (As you can see, I am trying to change the password to Mike@1234567. The update works, as I am able to see the new value, but it does not change the user password; i.e., the new userPassword value is {SHA}i9Ai8Y8xRGcXEd3mpZ4x6JhHkWM=.)

The following is the function I am using to make the modification to the entries:

function userchange($username, $firstName, $lastName, $domadlogin, $domadpw, $domctrl, $enable=1, $ldapBase = 'DC=domain,DC=com', $new_status = 512, $password = 'Mike@1234567'){

    $ds = ldap_connect($domctrl);
    if (!$ds)
        die('Cannot Connect to LDAP server');

    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

    $ldapBind = ldap_bind($ds,$domadlogin,$domadpw);

    if (!$ldapBind)
        die('Cannot Bind to LDAP server');

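    // Escape the user-supplied value so it cannot alter the LDAP filter
    $sr = ldap_search($ds, $ldapBase, '(samaccountname='.ldap_escape($username, '', LDAP_ESCAPE_FILTER).')');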
    $ent= ldap_get_entries($ds,$sr);

    $dn=$ent[0]["dn"];

    $userdata=array();

    $new = 514; //disable?

    if ($enable == 1) 
        $new = $new_status;


    //change the user status
    $userdata["useraccountcontrol"] = $new;

    $userdata["cn"] = $firstName.' '.$lastName;
    $userdata['name'] = $firstName.' '.$lastName;

    $userdata['displayname'] = $firstName.' '.$lastName;
    $userdata['givenname'] = $firstName;
    $userdata['sn'] = $lastName;

    $update_ldap = ldap_modify($ds, $dn, $userdata); 

        if(!$update_ldap)
            return false;

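    // Escape the user-supplied value so it cannot alter the LDAP filter
    $sr = ldap_search($ds, $ldapBase, '(samaccountname='.ldap_escape($username, '', LDAP_ESCAPE_FILTER).')');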
    $ent= ldap_get_entries($ds,$sr);
    $new_first_ent = ldap_first_entry($ds,$sr);

    if(!empty($password)){

        $encode_password = "{SHA}" . base64_encode( pack( "H*", sha1( $password ) ) );
        $newEntry['userpassword'] = "$encode_password";
        $update_ldap = ldap_mod_replace($ds, $dn, $newEntry );

        if(!$update_ldap)
            return false;

    }

    ldap_close($ds);
    return true;
}   

First, when you want to modify the attributes used to build the distinguished name (DN), you modify the so-called Relative Distinguished Name (RDN). From the LDAP point of view you have to use a special verb for that (modRDN), which means that you should use a special API in PHP. PHP is not my environment, but I suppose that ldap_rename will do the trick.

Second, as far as Active Directory is concerned, the password is not in 'userpassword' but in 'unicodePwd'; you've got an example in this other Stack Overflow question. And, be careful, you need to use LDAPS to set 'unicodePwd'. You can also have a look at Changing Active Directory passwords via LDAP using PHP.
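
The two points of this answer put together in PHP, as an added example that is not code from the question or the answer: ldap_rename changes the RDN, and the password is written to unicodePwd as a quoted UTF-16LE string over LDAPS. The function names, the parameters and the ldaps:// URI check are assumptions of this example, and it needs the mbstring extension.

```php
<?php
// Added example: function names, parameters and the URI check are hypothetical.

/** AD expects unicodePwd as the password in double quotes, encoded as UTF-16LE. */
function encodeUnicodePwd(string $password): string
{
    return mb_convert_encoding('"' . $password . '"', 'UTF-16LE', 'UTF-8');
}

function renameAndSetPassword(string $uri, string $bindDn, string $bindPw,
    string $userDn, string $firstName, string $lastName, string $newPassword): bool
{
    // unicodePwd is only writable over an encrypted connection.
    if (stripos($uri, 'ldaps://') !== 0) {
        throw new InvalidArgumentException('An ldaps:// URI is required');
    }
    $ds = ldap_connect($uri);
    if (!$ds) {
        return false;
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    try {
        if (!@ldap_bind($ds, $bindDn, $bindPw)) {
            return false;
        }
        // Split the DN so the entry can stay under its current parent.
        $parts = ldap_explode_dn($userDn, 0);
        if ($parts === false || $parts['count'] < 2) {
            return false;
        }
        unset($parts['count']);
        $parent = implode(',', array_slice($parts, 1));
        // Escape DN-special characters (comma, plus, quote ...) in the new value.
        $newRdn = 'CN=' . ldap_escape($firstName . ' ' . $lastName, '', LDAP_ESCAPE_DN);
        // modRDN: cn and name are changed by renaming the entry, not by ldap_modify.
        if (!ldap_rename($ds, $userDn, $newRdn, $parent, true)) {
            return false;
        }
        // Replace unicodePwd on the entry's new DN.
        return ldap_mod_replace($ds, $newRdn . ',' . $parent,
            ['unicodePwd' => encodeUnicodePwd($newPassword)]);
    } finally {
        ldap_unbind($ds);
    }
}
```

The remaining attributes from the question (displayname, givenname, sn, useraccountcontrol) can still go through ldap_modify, as long as cn and name are left out of that array.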
