wwfc_barmy_army Posted October 20, 2008 Share Posted October 20, 2008 Hello. How can i disable an account using PHP and LDAP? I can bind to the server fine. web server - Windows xp with XAMPP server - windows server 2008 Thanks in advance. Link to comment https://forums.phpfreaks.com/topic/129205-solved-disabling-account-using-ldap-and-php/ Share on other sites More sharing options...
MadTechie Posted October 20, 2008 Share Posted October 20, 2008 If you want to disable an account in an Active Directory of Windows, you may try this: (foo.bar should be replaced in "$ldapBase" to the correct domain, e.g. "DC=phpfreaks,DC=com" if your domain is phpfreaks.com) #domctrl = domain controller #domadlogin = domain admin login #domadpw = domain admin password #username = loginname of useraccount (e.g. "john.doe") #enable =1 (if you want to enable it, 0 if it should be disabled) <?php function userchange($username,$enable=1,$domadlogin,$domadpw,$domctrl) { $ldapServer = $domctrl; $ldapBase = 'DC=foo,DC=bar'; $ds = ldap_connect($ldapServer); if (!$ds) {die('Cannot Connect to LDAP server');} $ldapBind = ldap_bind($ds,$domadlogin,$domadpw); if (!$ldapBind) {die('Cannot Bind to LDAP server');} ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); $sr = ldap_search($ds, $ldapBase, "(samaccountname=$username)"); $ent= ldap_get_entries($ds,$sr); $dn=$ent[0]["dn"]; // Deactivate $ac = $ent[0]["useraccountcontrol"][0]; $disable=($ac | 2); // set all bits plus bit 1 (=dec2) $enable =($ac & ~2); // set all bits minus bit 1 (=dec2) $userdata=array(); if ($enable==1) $new=$enable; else $new=$disable; //enable or disable? $userdata["useraccountcontrol"][0]=$new; ldap_modify($ds, $dn, $userdata); //change state $sr = ldap_search($ds, $ldapBase, "(samaccountname=$username)"); $ent= ldap_get_entries($ds,$sr); $ac = $ent[0]["useraccountcontrol"][0]; if (($ac & 2)==2) $status=0; else $status=1; ldap_close($ds); return $status; //return current status (1=enabled, 0=disabled) } // use this to disable an account: // userchange('[email protected]',0,'[email protected]', 'secret','domctrl.foo.bar'); // ..but this to enable it: // userchange('[email protected]',1,'[email protected]', 'secret','domctrl.foo.bar'); ?> Link to comment https://forums.phpfreaks.com/topic/129205-solved-disabling-account-using-ldap-and-php/#findComment-669938 Share on other sites More sharing options...
wwfc_barmy_army Posted October 20, 2008 Author Share Posted October 20, 2008 Spot on. After a lot of messing about i've got it working Thanks again. Link to comment https://forums.phpfreaks.com/topic/129205-solved-disabling-account-using-ldap-and-php/#findComment-670038 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.