[英]Error changing password in Active Directory using PHP
Hello good afternoon search on the internet how to change a user's password in Active Directory using PHP, I found the following code modifying only the accesses, but it is marking an error in the function ldap_mod_replace().您好,下午好,在互联网上搜索如何使用 PHP 在 Active Directory 中更改用户密码,我发现以下代码仅修改了访问权限,但它在 function ldap_mod_replace() 中标记错误。
Could you help me fix the error?你能帮我修复错误吗?
I share my code我分享我的代码
PHP Code PHP 代码
<?php
$user_name = "(sAMAccountName=Write UserName of user whose password wants to change)"; //Dont remove parentheses brackets
$user_password = "NewPassword117";
$ldap_conn = create_ldap_connection();
$userDn = get_user_dn($ldap_conn, $user_name);
$userdata = pwd_encryption ($user_password);
$result = ldap_mod_replace($ldap_conn, $userDn , $userdata);
/* Check whether the password updated successfully or not. */
if ($result)
die("Password changed successfully!");
else
die("Error: Please try again later!");
function create_ldap_connection(){
$ldaps_url = "MyIP"; // Example 192.168.100.1
$ldap_conn = ldap_connect($ldaps_url) or die("Sorry! Could not connect to LDAP server ($ip)");
ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
$password = "MyPassword";
$binddn = "MyUser";
$result = ldap_bind($ldap_conn, $binddn, $password) or die("Error: Couldn't bind to server using provided credentials!");
if($result) {
return $ldap_conn;
} else {
die (" Error: Couldn't bind to server with supplied credentials!");
}
}
function get_user_dn($ldap_conn, $user_name) {
/* Write the below details as per your AD setting */
$basedn = "DC=AD Test,DC=Local";
/* Search the user details in AD server */
$searchResults = ldap_search( $ldap_conn, $basedn, $user_name );
if ( !is_resource( $searchResults ) ) die('Error in search results.');
/* Get the first entry from the searched result */
$entry = ldap_first_entry( $ldap_conn, $searchResults );
return ldap_get_dn( $ldap_conn, $entry );
}
function pwd_encryption( $newPassword ) {
$newPassword = "\"" . $newPassword . "\"";
$len = strlen( $newPassword );
$newPassw = "";
for ( $i = 0; $i < $len; $i++ ) {
$newPassw .= "{$newPassword {$i}}\000";
}
$userdata["unicodePwd"] = $newPassw; return $userdata;
}
?>
Error错误
"Unwilling to perform" means "I can't do what you're asking me to do". “不愿意执行”的意思是“我不能做你要我做的事情”。 It always means you've done something wrong.它总是意味着你做错了什么。 It could be a couple things in this case.在这种情况下,这可能是几件事。
To be able to change the password, the connection has to be secure, which can be done with LDAPS (LDAP over SSL).为了能够更改密码,连接必须是安全的,这可以通过 LDAPS(LDAP over SSL)来完成。 I do see an s
in $ldaps_url
, but your example beside it of using an IP address wouldn't work.我确实在$ldaps_url
中看到了一个s
,但是您旁边使用 IP 地址的示例不起作用。 First, it must be preceded by ldaps://
, but also an IP address just doesn't work for SSL.首先,它必须以ldaps://
开头,但 IP 地址也不适用于 SSL。 The domain name you use to connect must match a domain name on the SSL certificate that the server sends you, and certificates don't have IP addresses.您用于连接的域名必须与服务器发送给您的 SSL 证书上的域名匹配,并且证书没有 IP 地址。
So that line should look something like this:所以这条线应该是这样的:
$ldaps_url = "ldaps://example.com";
Or it could be the format of the password too.或者它也可能是密码的格式。 It seems like you took some code from the comments in the ldap_mod_replace()
documentation for formatting the password, but I think there's a far more simple example in the documentation for ldap_modify_batch()
:似乎您从ldap_mod_replace()
文档中的注释中获取了一些代码来格式化密码,但我认为ldap_modify_batch()
() 文档中有一个更简单的示例:
function adifyPw($pw)
{
return iconv("UTF-8", "UTF-16LE", '"' . $pw . '"');
}
That means you could change your pwd_encryption
function to this:这意味着您可以将pwd_encryption
function 更改为:
function pwd_encryption( $newPassword ) {
$userdata["unicodePwd"] = iconv("UTF-8", "UTF-16LE", '"' . $newPassword . '"');
return $userdata;
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.