LDAP allow users to change their password


12 replies to this topic

#1 realjumper


Posted 30 August 2006 - 08:49 PM

Hi,

I am making good headway with LDAP, and now users can authenticate via a PHP form with no problem. What I would like to do now is to allow users to change their passwords. I give all new users a default password based on their first initial + last name, which is a pretty standard naming convention, but I want users to change their passwords if they want to. I can't find any documentation online as to how to go about this. Can anyone help please? Here is my login authentication script...

Thanks,
Neil


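$username = isset($_POST['username']) ? $_POST['username'] : '';
$passwd = isset($_POST['passwd']) ? $_POST['passwd'] : '';

// an empty password makes ldap_bind() perform an anonymous bind, which can
// succeed without checking who the user is, so refuse it before connecting
if ($username === '' || $passwd === '')
	{
		Header("Location: no_access.php");
		exit(0);
	}

$ds=ldap_connect("xxx.xx.xxx.x");
	if(!$ds)
	{
		print "Cannot authenticate at this time...please try again soon";
		exit(0);
	}

   $upasswd = $passwd;
   $base_dn = "cn=users, dc=directory,dc=123,dc=45,dc=67";
   // escape the submitted username so it cannot change the structure of the DN
   $rdn = "uid=" . ldap_escape($username, "", LDAP_ESCAPE_DN) . ", " . $base_dn;

   // the option must be set on the connection handle ($ds), before binding
   ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
   $ldapbind = ldap_bind($ds, $rdn, $upasswd);


   if ($ldapbind)
       {
        // nothing may be printed before setcookie()/Header(), or the headers are not sent
        setcookie ("username", $username, time()+3600, "/");

        Header("Location: ../intranet/index.php?login=" . urlencode($username));

        }
         else{

                Header("Location: no_access.php");
               }

ldap_close($ds);    //close the ldap connection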



#2 hitman6003


Posted 30 August 2006 - 08:55 PM

If you are connecting to a MS ActiveDirectory controller and you are doing password resets, then the person changing the password must be an administrator for the domain.  If the user is changing their own AD (windows) login password, then they are able to change it by supplying their current password and their new password, however, there is no point in it since it's easier to do ctrl-alt-del and click "change password".

Anyway, did you try google?

http://www.google.co...php&btnG=Search

#3 realjumper


Posted 30 August 2006 - 09:09 PM

Hi.

It is actually Open Directory running on a MAC 10.4 machine...which is FreeBSD as far as I know. Seeing as the server is Unix, I would have thought that documentation for allowing users to change passwords would have been all over google....but it seems not. I can't really understand this as it's good from a user's standpoint to change their passwords from time to time.....and it's necessary as users may not like the default password they are given when they get an account on the network. I'm sure that this is possible.....I think Moodle allows this to happen, but that application's code is just sooo deeply buried that I can't understand what the hell is going on!!! LOL

#4 realjumper


Posted 31 August 2006 - 12:21 AM

Anyone else want to have a crack at this please?.....I'm all googled out!! ;)

#5 realjumper


Posted 31 August 2006 - 09:04 PM

Anyone??? I'm still no further ahead with this

#6 HeyRay2


Posted 31 August 2006 - 09:30 PM

Here's a thread on OpenLDAP.org that deals with this issue.

http://www.openldap....2/msg00200.html

Happy reading ...  ;)

#7 realjumper


Posted 31 August 2006 - 09:36 PM

Thanks...I was reading this yesterday and although it goes part of the way in explaining what's happening, it doesn't actually answer the question. That script connects to LDAP, which I can do already, but the bit in their code that says "Bind sucsessfully, code to change password".....*that's* the piece of code that I need, and need to understand....I don't know the code to change the password...and they don't mention it!!!

But many thanks :)

#8 HeyRay2


Posted 31 August 2006 - 09:52 PM

I think you're looking for:

ldap_modify($ds, $dn, $new);

;)

#9 realjumper


Posted 31 August 2006 - 09:54 PM

Yup, I'm looking at that right now on php.net. It seems to be saying that only an administrator can modify passwords, but don't quote me on that as I am going to try it shortly ;)

#10 realjumper


Posted 31 August 2006 - 11:18 PM

Hmmm......I have tried this......but...


$username = "justme";
$passwd = "abcdefg";
  
$ds=ldap_connect("xxx.xx.xxx.x");
	if(!$ds)
	{
		print "Cannot authenticate at this time...please try again soon";
		exit(0);
	}
	
	else
	{
	print "<br>connected";
	
	}
   $upasswd = $passwd;
   $base_dn = "cn=users, dc=directory,dc=xxx,dc=xx,dc=xx";
   $rdn = "uid=$username, " . $base_dn;
   
   // the option must be set on the connection handle ($ds), before binding
   ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
   $ldapbind = ldap_bind($ds, $rdn, $upasswd);


   if ($ldapbind) 
       {
		  	echo "<p>Bound!</p><p>";
		  	$newPassword = "skydive";
			$userdata = $newPassword;
			// try to write the new password to the user's own entry
			$result = ldap_modify($ds, $rdn, $userdata);
			if ($result) echo "User modified!" ;
			else echo "There was a problem!";

	   		}
   else{
print "<p style=\"margin-top:200px;text-align:center\">Not Authenticating</p>";       
       

}

ldap_close($ds);    //close the ldap connection


...the result is this....

connected
Bound!

There was a problem!

So, even though I hard coded the current username and password, and I hard coded the new password, nothing changed. Obviously I have connected and bound to LDAP, but I (still) can't update the password!!

Woe is me!



#11 realjumper


Posted 03 September 2006 - 09:27 PM

Okay... here is my latest attempt. I am trying really hard to find the solution to this problem and I'm sure that someone here must be able to help me as this just can't be a problem that is unique to me seeing as LDAP use is widespread. Please, help me if you can. Thanks.


$username = "justme";
$passwd = "testpass";
  
$ds=ldap_connect("xxx.xx.xxx.x");
	if(!$ds)
	{
		print "Cannot authenticate at this time...please try again soon";
		exit(0);
	}
	
	else
	{
	print "<br>connected";
	

   $newpass = "skydive";
   $base_dn = "cn=users, dc=directory,dc=xxx,dc=xx,dc=xx";
   $rdn = "uid=$username, " . $base_dn;
   
   // the option must be set on the connection handle ($ds), before binding
   ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
   // bind with the current password ($passwd, set at the top of the script)
   $ldapbind = ldap_bind($ds, $rdn, $passwd);

   if ($ldapbind) 
       {
    echo "<p>Bind successful"; 

// try to write the new password to the user's own entry
if(ldap_modify($ds, $rdn, $newpass)) 
{ 
echo "<p>The entry was modified successfully"; 
 } 
else { 
     echo "<p>The entry couldnt be modified"; 
     } 

       } //end of bind if condition 
    } //end of connect if condition


The result from running this code:

connected

Bind successful

The entry couldnt be modified

???
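
Added example, not part of any post in this thread: one way to let a bound user change their own password from PHP, relevant to the failing `ldap_modify()` calls in posts #10 and #11. It assumes PHP 7.2+ for `ldap_exop_passwd()` and a server reachable with StartTLS that either supports the RFC 3062 Password Modify operation or keeps the password in `userPassword`; the thread confirms neither for the Open Directory server discussed, and the function name, host and DN values are placeholders.

```php
<?php
// Added example: function name and parameters are placeholders, not from the thread.
function change_own_password($host, $base_dn, $username, $old, $new)
{
    // An empty password makes ldap_bind() an anonymous bind that can succeed
    // without proving who the user is, so refuse empty values outright.
    if ($username === '' || $old === '' || $new === '') {
        return false;
    }
    $ds = ldap_connect("ldap://" . $host);
    if (!$ds) {
        return false;
    }
    // Options are set on the connection handle, before the bind.
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    // Both passwords cross the network, so require TLS before binding.
    if (!@ldap_start_tls($ds)) {
        return false;
    }
    // Escape the user-supplied value so it cannot alter the DN.
    $dn = "uid=" . ldap_escape($username, "", LDAP_ESCAPE_DN) . "," . $base_dn;
    // Bind as the user with the current password; the server's access rules
    // then decide whether that identity may change its own entry.
    if (!@ldap_bind($ds, $dn, $old)) {
        ldap_close($ds);
        return false;
    }
    if (function_exists('ldap_exop_passwd')) {
        // RFC 3062 Password Modify: the server hashes and stores the value.
        $ok = (@ldap_exop_passwd($ds, $dn, $old, $new) === true);
    } else {
        // ldap_mod_replace(), like ldap_modify(), takes an array keyed by
        // attribute name, never a bare string. Assumption: the directory keeps
        // the password in userPassword and hashes it on write.
        $ok = @ldap_mod_replace($ds, $dn, array('userPassword' => $new));
    }
    if (!$ok) {
        error_log("LDAP password change failed: " . ldap_error($ds));
    }
    ldap_close($ds);
    return $ok;
}

// Constructed call with placeholder values:
// change_own_password("ldap.example.org", "cn=users,dc=example,dc=org", "justme", "testpass", "skydive");
```

When the call fails, `ldap_error()` distinguishes an access-control refusal from a malformed request, which the bare "There was a problem!" output cannot.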

#12 ODiN91


Posted 21 September 2006 - 09:02 PM

I'm not sure if you administer the LDAP servers, but is it possible that you're connecting to a read-only LDAP server rather than one that is not?

#13 realjumper


Posted 21 September 2006 - 11:05 PM

Hi,

Thanks for the reply....especially as I still haven't resolved this problem. The LDAP server, that is in my office, is set up so that users, once authenticated, have the privilege to change their own password only. If they connect to the server via the gui on their workstations then they can change their passwords, no problem. However, staff have their own workstations but students do not. We have some 600 students who use the lab machines of which there are about 60, or else their own laptops which connect to the network via radio link. We are wanting to open the Intranet server (which authenticates users via the LDAP server) so that access from outside campus is available, and therefore we also want to allow users to change their LDAP passwords via PHP which is more or less essential from an extramural student's standpoint. I know this is possible, but other than what I have tried I have run out of ideas as there seems to be no PHP documentation available on the whole Internet!!!! :)



