I created a PHP script (using the XAMPP server and the php_ldap.dll library) to change an AD user's password (I am authenticating with the Admin account):
```php
$server = "ldaps://xx.xx.xx.xx";
$dn = "dc=domainname,dc=com";
$port = 636;

// Defined before the search so that the filter below has a value to use
$user = 'validuser';
$oldPassword = 'oldpass';
$newPassword = 'newpass';

ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
$con = ldap_connect($server, $port);
ldap_set_option($con, LDAP_OPT_REFERRALS, 0);
ldap_set_option($con, LDAP_OPT_PROTOCOL_VERSION, 3);
$bind = ldap_bind($con, 'CN=Admin,CN=Users,DC=DOMIAN,DC=COM', 'password');

// Look up the user's DN by account name
$user_search = ldap_search($con, $dn, '(sAMAccountName=' . $user . ')');
$user_get = ldap_get_entries($con, $user_search);
$user_entry = ldap_first_entry($con, $user_search);
$user_dn = ldap_get_dn($con, $user_entry);

$encoded_newPassword = "{SHA}" . base64_encode(pack("H*", sha1($newPassword)));

/* Change the password */
$entry = array();
$entry["userPassword"] = "$encoded_newPassword";
if (ldap_modify($con, $user_dn, $entry) === false) {
    $error = ldap_error($con);
    $errno = ldap_errno($con);
    echo "$errno - $error";
} else {
    echo "yes";
}
```
In addition, I created an ldap.conf file in C:\OpenLDAP\sysconf:
TLS_REQCERT never
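But the ldap_modify / ldap_mod_replace functions return TRUE (the "yes" message). I tested the password change with my own user account, but it still has the same password.
I suspect the userPassword attribute, because when I get the user from ldap_get_entries I cannot see this attribute. But if my admin account has "all permissions", why can't I see the password attribute? Do I need more privileges? Or what kind of configuration is needed in LDAP / Apache?
Thanks in advance.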
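
An added example, not part of the original post: Active Directory takes a new password through the unicodePwd attribute, as the double-quoted password encoded in UTF-16LE and written over an encrypted connection, rather than as an OpenLDAP-style {SHA} value in userPassword. The function names, host and DNs below are placeholders assumed for illustration, and the mbstring extension is assumed to be loaded.

```php
<?php
// Added example, not the poster's code. Function names and all values are placeholders.

/** Encode a password the way AD expects it in unicodePwd: "..." in UTF-16LE. */
function ad_encode_password(string $plain): string
{
    return mb_convert_encoding('"' . $plain . '"', 'UTF-16LE', 'UTF-8');
}

/** Administrative reset of one account's password over LDAPS. */
function ad_reset_password(string $uri, string $adminDn, string $adminPw,
                           string $baseDn, string $sam, string $newPw): void
{
    // Require a valid DC certificate instead of "TLS_REQCERT never".
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
    $con = ldap_connect($uri);
    ldap_set_option($con, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($con, LDAP_OPT_REFERRALS, 0);
    if (!@ldap_bind($con, $adminDn, $adminPw)) {
        throw new RuntimeException('bind failed: ' . ldap_error($con));
    }

    // Escape the account name so it cannot alter the search filter.
    $filter = '(sAMAccountName=' . ldap_escape($sam, '', LDAP_ESCAPE_FILTER) . ')';
    $res = ldap_search($con, $baseDn, $filter, ['sAMAccountName']);
    $entries = $res ? ldap_get_entries($con, $res) : false;
    if (!$entries || $entries['count'] !== 1) {
        throw new RuntimeException('expected exactly one matching account');
    }
    $userDn = $entries[0]['dn'];

    // A replace on unicodePwd by a privileged account is a password reset.
    $mod = ['unicodePwd' => ad_encode_password($newPw)];
    if (!ldap_mod_replace($con, $userDn, $mod)) {
        throw new RuntimeException(ldap_errno($con) . ' - ' . ldap_error($con));
    }
    ldap_unbind($con);
}

// Offline check of the encoding step only (constructed sample password).
echo bin2hex(ad_encode_password('newpass')), PHP_EOL;

// Constructed call; needs a reachable DC and a trusted CA to run:
// ad_reset_password('ldaps://dc.example.com:636', 'CN=Admin,CN=Users,DC=example,DC=com',
//                   'admin-password', 'DC=example,DC=com', 'validuser', 'newpass');
```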