使用PHP更改Active Directory中的密码时出错
使用PHP更改Active Directory中的密码时出错
提问于 2020-08-06 22:18:34
你好,下午好,在网上搜索如何使用PHP更改Active Directory中的用户密码,我发现下面的代码只修改了访问,但它在函数ldap_mod_replace().中标记了一个错误
你能帮我修一下错误吗?
我分享我的代码
PHP代码
<?php
$user_name = "(sAMAccountName=Write UserName of user whose password wants to change)"; //Dont remove parentheses brackets
$user_password = "NewPassword117";
$ldap_conn = create_ldap_connection();
$userDn = get_user_dn($ldap_conn, $user_name);
$userdata = pwd_encryption ($user_password);
$result = ldap_mod_replace($ldap_conn, $userDn , $userdata);
/* Check whether the password updated successfully or not. */
if ($result)
die("Password changed successfully!");
else
die("Error: Please try again later!");
function create_ldap_connection(){
$ldaps_url = "MyIP"; // Example 192.168.100.1
$ldap_conn = ldap_connect($ldaps_url) or die("Sorry! Could not connect to LDAP server ($ip)");
ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, 3);
$password = "MyPassword";
$binddn = "MyUser";
$result = ldap_bind($ldap_conn, $binddn, $password) or die("Error: Couldn't bind to server using provided credentials!");
if($result) {
return $ldap_conn;
} else {
die (" Error: Couldn't bind to server with supplied credentials!");
}
}
function get_user_dn($ldap_conn, $user_name) {
/* Write the below details as per your AD setting */
$basedn = "DC=AD Test,DC=Local";
/* Search the user details in AD server */
$searchResults = ldap_search( $ldap_conn, $basedn, $user_name );
if ( !is_resource( $searchResults ) ) die('Error in search results.');
/* Get the first entry from the searched result */
$entry = ldap_first_entry( $ldap_conn, $searchResults );
return ldap_get_dn( $ldap_conn, $entry );
}
function pwd_encryption( $newPassword ) {
$newPassword = "\"" . $newPassword . "\"";
$len = strlen( $newPassword );
$newPassw = "";
for ( $i = 0; $i < $len; $i++ ) {
$newPassw .= "{$newPassword {$i}}\000";
}
$userdata["unicodePwd"] = $newPassw; return $userdata;
}
?>错误
回答 1
Stack Overflow用户
发布于 2020-08-09 11:52:06
“不愿表演”的意思是“我不能做你要我做的事”。它总是意味着你做错了什么。在这个案子里可能是几件事。
为了能够更改密码,连接必须是安全的,这可以用LDAPS (LDAP over SSL)来完成。我确实在$ldaps_url中看到了一个$ldaps_url,但是在它旁边的使用IP地址的例子是行不通的。首先,它之前必须有ldaps://,但是IP地址对SSL不起作用。用于连接的域名必须与服务器发送的SSL证书上的域名匹配,并且证书没有IP地址。
所以这一行应该是这样的:
$ldaps_url = "ldaps://example.com";或者也可以是密码的格式。似乎您从ldap_mod_replace()文档中的注释中提取了一些代码来格式化密码,但我认为在ldap_modify_batch()文档中有一个更简单的例子
function adifyPw($pw)
{
return iconv("UTF-8", "UTF-16LE", '"' . $pw . '"');
}这意味着您可以将pwd_encryption函数更改为:
function pwd_encryption( $newPassword ) {
$userdata["unicodePwd"] = iconv("UTF-8", "UTF-16LE", '"' . $newPassword . '"');
return $userdata;
}页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/63292524
复制相关文章
相似问题
腾讯云开发者
