realjumper Posted August 30, 2006

Hi,

I am making good headway with LDAP, and now users can authenticate via a PHP form with no problem. What I would like to do now is to allow users to change their passwords. I give all new users a default password based on their first initial + last name, which is a pretty standard naming convention, but I want users to change their passwords if they want to. I can't find any documentation online as to how to go about this. Can anyone help please? Here is my login authentication script...

Thanks,
Neil

[code]
$username = $_POST['username'];
$passwd = $_POST['passwd'];

$ds = ldap_connect("xxx.xx.xxx.x");

if (!$ds) {
    print "Cannot authenticate at this time...please try again soon";
    exit(0);
} else {
    // print "<br>connected";
}

$username = "$username";
$upasswd = "$passwd";
$base_dn = "cn=users, dc=directory,dc=123,dc=45,dc=67";
$rdn = "uid=$username, " . $base_dn;

ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
$ldapbind = ldap_bind($ds, $rdn, $upasswd);

if ($ldapbind) {
    print "<p style=\"margin-top:200px;text-align:center\">Authenticating.....</p>";
    setcookie("username", "$username", time()+3600, "/");
    Header("Location: ../intranet/index.php?login=$username");
} else {
    Header("Location: no_access.php");
}
ldap_close($ds); //close the ldap connection
[/code]

hitman6003 Posted August 30, 2006

If you are connecting to a MS ActiveDirectory controller and you are doing password resets, then the person changing the password must be an administrator for the domain. If the user is changing their own AD (Windows) login password, then they are able to change it by supplying their current password and their new password; however, there is no point in it since it's easier to do ctrl-alt-del and click "change password".

Anyway, did you try Google?

http://www.google.com/search?hl=en&lr=&q=ldap+change+password+php&btnG=Search

realjumper Posted August 30, 2006

Hi.

It is actually Open Directory running on a MAC 10.4 machine...which is FreeBSD as far as I know. Seeing as the server is Unix, I would have thought that documentation for allowing users to change passwords would have been all over Google....but it seems not. I can't really understand this as it's good from a user's standpoint to change their passwords from time to time.....and it's necessary as users may not like the default password they are given when they get an account on the network. I'm sure that this is possible.....I think Moodle allows this to happen, but that application's code is just sooo deeply buried that I can't understand what the hell is going on!!! LOL

realjumper Posted August 31, 2006

Anyone else want to have a crack at this please?.....I'm all googled out!! ;)

realjumper Posted August 31, 2006

Anyone??? I'm still no further ahead with this.

HeyRay2 Posted August 31, 2006

Here's a thread on OpenLDAP.org that deals with this issue.

http://www.openldap.org/lists/openldap-software/200212/msg00200.html

Happy reading ... ;)

realjumper Posted August 31, 2006

Thanks...I was reading this yesterday and although it goes part of the way in explaining what's happening, it doesn't actually answer the question. That script connects to LDAP, which I can do already, but the bit in their code that says "Bind sucsessfully, code to change password".....*that's* the piece of code that I need, and need to understand....I don't know the code to change the password...and they don't mention it!!!

But many thanks :)

HeyRay2 Posted August 31, 2006

I think you're looking for:

[code=php:0]ldap_modify($ds, $dn, $new);[/code]

;)

realjumper Posted August 31, 2006

Yup, I'm looking at that right now on php.net. It seems to be saying that only an administrator can modify passwords, but don't quote me on that as I am going to try it shortly ;)

realjumper Posted August 31, 2006

Hmmm......I have tried this......but...

[code]
$username = "justme";
$passwd = "abcdefg";

$ds = ldap_connect("xxx.xx.xxx.x");

if (!$ds) {
    print "Cannot authenticate at this time...please try again soon";
    exit(0);
} else {
    print "<br>connected";
}

$username = "$username";
$upasswd = "$passwd";
$base_dn = "cn=users, dc=directory,dc=xxx,dc=xx,dc=xx";
$rdn = "uid=$username, " . $base_dn;

ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
$ldapbind = ldap_bind($ds, $rdn, $upasswd);

if ($ldapbind) {
    echo "<p>Bound!</p><p>";
    $newPassword = "skydive";
    $userdata = $newPassword;
    $result = ldap_modify($ds, $rdn, $userdata);
    if ($result) echo "User modified!";
    else echo "There was a problem!";
} else {
    print "<p style=\"margin-top:200px;text-align:center\">Not Authenticating</p>";
}
ldap_close($ds); //close the ldap connection
[/code]

...the result is this....

connected
Bound!
There was a problem!

So, even though I hard coded the current username and password, and I hard coded the new password, nothing changed. Obviously I have connected and bound to LDAP, but I (still) can't update the password!!

Woe is me!

realjumper Posted September 3, 2006

Okay... here is my latest attempt. I am trying really hard to find the solution to this problem and I'm sure that someone here must be able to help me as this just can't be a problem that is unique to me seeing as LDAP use is widespread. Please, help me if you can. Thanks.

[code]
$username = "justme";
$passwd = "testpass";

$ds = ldap_connect("xxx.xx.xxx.x");

if (!$ds) {
    print "Cannot authenticate at this time...please try again soon";
    exit(0);
} else {
    print "<br>connected";
    $newpass = "skydive";
    $username = "$username";
    $base_dn = "cn=users, dc=directory,dc=xxx,dc=xx,dc=xx";
    $rdn = "uid=$username, " . $base_dn;

    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    $ldapbind = ldap_bind($ds, $rdn, $upasswd);

    if ($ldapbind) {
        echo "<p>Bind successful";
        if (ldap_modify($ds, $rdn, $newpass)) {
            echo "<p>The entry was modified successfully";
        } else {
            echo "<p>The entry couldnt be modified";
        }
    } //end of bind if condition
} //end of connect if condition
[/code]

The result from running this code:

connected
Bind successful
The entry couldnt be modified

???

ODiN91 Posted September 21, 2006

I'm not sure if you administer the LDAP servers, but is it possible that you're connecting to a read-only LDAP server rather than one that is not?

realjumper Posted September 21, 2006

Hi,

Thanks for the reply....especially as I still haven't resolved this problem.

The LDAP server, that is in my office, is set up so that users, once authenticated, have the privilege to change their own password only. If they connect to the server via the GUI on their workstations then they can change their passwords, no problem. However, staff have their own workstations but students do not. We have some 600 students who use the lab machines, of which there are about 60, or else their own laptops which connect to the network via radio link. We are wanting to open the Intranet server (which authenticates users via the LDAP server) so that access from outside campus is available, and therefore we also want to allow users to change their LDAP passwords via PHP, which is more or less essential from an extramural student's standpoint. I know this is possible, but other than what I have tried I have run out of ideas as there seems to be no PHP documentation available on the whole Internet!!!! :)

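The attempts in the thread pass a bare string as the third argument of `ldap_modify()`, which expects an array keyed by attribute name. The following is an added example, not code from any poster: a self-service change that binds as the user over StartTLS and replaces `userPassword`, and refuses an empty current password because that would be an anonymous bind. It assumes the directory keeps the password in `userPassword` and lets users write their own entry; the host, base DN, form field names and policy limits are placeholders.

```php
<?php
// Added example, not code from the thread. LDAP_HOST, BASE_DN, the policy
// limits and the use of userPassword are assumptions for illustration.
const LDAP_HOST = 'ldap.example.internal';
const BASE_DN   = 'cn=users,dc=directory,dc=example';

function change_own_password(string $uid, string $current, string $new): array
{
    // An empty password makes ldap_bind() an anonymous bind, which many
    // servers accept, so a "successful" bind would prove nothing.
    if ($current === '') {
        return [false, 'current password required'];
    }
    if (!preg_match('/^[A-Za-z0-9._-]{1,32}$/', $uid)) {
        return [false, 'invalid username'];
    }
    if (strlen($new) < 12 || $new === $current || stripos($new, $uid) !== false) {
        return [false, 'new password rejected by policy'];
    }
    $ds = ldap_connect('ldap://' . LDAP_HOST);
    if ($ds === false) {
        return [false, 'directory unavailable'];
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    // Without TLS both passwords cross the network in clear text.
    if (!@ldap_start_tls($ds)) {
        return [false, 'could not secure the connection'];
    }
    // Escape the RDN value so user input cannot alter the DN.
    $dn = 'uid=' . ldap_escape($uid, '', LDAP_ESCAPE_DN) . ',' . BASE_DN;
    if (!@ldap_bind($ds, $dn, $current)) {
        return [false, 'authentication failed'];
    }
    // The entry is an array keyed by attribute name, not a bare string.
    $ok = @ldap_mod_replace($ds, $dn, ['userPassword' => [$new]]);
    if (!$ok) {
        // Keep the server's reason in the log, not in the response.
        error_log('LDAP password change failed: ' . ldap_error($ds));
    }
    ldap_unbind($ds);
    return [$ok, $ok ? 'password changed' : 'password change refused'];
}

// Form field names are assumptions; serve this page over HTTPS only.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $f = fn(string $k): string => is_string($_POST[$k] ?? null) ? $_POST[$k] : '';
    [$ok, $msg] = change_own_password($f('username'), $f('passwd'), $f('newpasswd'));
    echo htmlspecialchars($msg);
}
```

On PHP 7.2 or later, `ldap_exop_passwd()` sends the change as an RFC 3062 password modify operation so that the server applies its own hashing. A directory that keeps passwords outside `userPassword` needs its own change mechanism instead.
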