Jump to content

LDAP allow users to change their password


realjumper

Recommended Posts

Hi,

I am making good headway with LDAP, and now users can authenticate via a PHP form with no problem. What I would to do now, is to allow users to change their passwords. I give all new users a default password based on their first intial + last name, which is a pretty standard naming convention, but I want users to change their passwords if they want to. I can't find any documentation online as to how to go about this. Can anyone help please? Here is my login authentication script...

Thanks,
Neil

[code]

$username = $_POST['username'];
$passwd = $_POST['passwd'];
 
$ds=ldap_connect("xxx.xx.xxx.x");
if(!$ds)
{
print "Cannot authenticate at this time...please try again soon";
exit(0);
}

else
{
// print "<br>connected";

}
  $username = "$username";
  $upasswd = "$passwd";
  $base_dn = "cn=users, dc=directory,dc=123,dc=45,dc=67";
  $rdn = "uid=$username, " . $base_dn;
 
  ldap_set_option($ldap_connect, LDAP_OPT_PROTOCOL_VERSION, 3);
  $ldapbind = ldap_bind($ds, $rdn, $upasswd);


  if ($ldapbind)
      {
        print "<p style=\"margin-top:200px;text-align:center\">Authenticating.....</p>";

        setcookie ("username", "$username", time()+3600, "/");

        Header("Location: ../intranet/index.php?login=$username");

        }
        else{
     
                Header("Location: no_access.php");
              }

ldap_close($ds);    //close the ldap connection

[/code]
Link to comment
Share on other sites

If you are connecting to a MS ActiveDirectory controller and you are doing password resets, then the person changing the password must be an administrator for the domain.  If the user is changing their own AD (windows) login password, then they are able to change it by supplying their current password and their new password, however, there is no point in it since it's easier to do ctrl-alt-del and click "change password".

Anyway, did you try google?

http://www.google.com/search?hl=en&lr=&q=ldap+change+password+php&btnG=Search
Link to comment
Share on other sites

Hi.

It is actually Open Directory running on a MAC 10.4 machine...which is FreeBSD as far as I know. Seeing as the server is Unix, I would have thought that documentation for allowing users to change passwords woud have been all over google....but it seems not. I can't really understand this as it's good from a users standpoint to change their passwords from time to time.....and it's necessary as users may not like the default password they are given when they get an account on the network. I'm sure that this is possible.....I think Moodle allows this to happen, but that applications code is just sooo deeply buried that I can't understand what the hell is going on!!! LOL
Link to comment
Share on other sites

Thanks...I was reading this yesterday and although it goes part of the way in explaining what's happening, it doesn't actually answer the question. That script connects to LDAP, which I can do already, but the bit in their code that says "Bind sucsessfully, code to change password".....*thats* the piece of code that I need, and need to understand....I don't know the code to change the password...and they don't mention it!!!

But many thanks :)
Link to comment
Share on other sites

Hmmm......I have tried this......but...

[code]

$username = justme;
$passwd = abcdefg;
 
$ds=ldap_connect("xxx.xx.xxx.x");
if(!$ds)
{
print "Cannot authenticate at this time...please try again soon";
exit(0);
}

else
{
print "<br>connected";

}
   $username = "$username";
   $upasswd = "$passwd";
   $base_dn = "cn=users, dc=directory,dc=xxx,dc=xx,dc=xx";
   $rdn = "uid=$username, " . $base_dn;
   
   ldap_set_option($ldap_connect, LDAP_OPT_PROTOCOL_VERSION, 3);
   $ldapbind = ldap_bind($ds, $rdn, $upasswd);


   if ($ldapbind)
       {
  echo "<p>Bound!</p><p>";
  $newPassword = "skydive";
$userdata = $newPassword;
$result = ldap_modify($ds, $rdn, $userdata);
if ($result) echo "User modified!" ;
else echo "There was a problem!";

    }
   else{
print "<p style=\"margin-top:200px;text-align:center\">Not Authenticating</p>";       
       

}

ldap_close($ds);    //close the ldap connection

[/code]

...the result it this....

connected
Bound!

There was a problem!

So, even though I hard coded the current username and password, and I hard coded the new password, nothing changed. Obviously I have connected and bound to LDAP, but I (still) can't update the password!!

Woe is me!

Link to comment
Share on other sites

Okay... here is my latest attempt. I am trying really hard to find the solution to this problem and I'm sure that someone here must be able help me as this just can't be a problem that is unique to me seeing as LDAP use is widespread. Please, help me if you can. Thanks.

[code]

$username = justme;
$passwd = testpass;
 
$ds=ldap_connect("xxx.xx.xxx.x");
if(!$ds)
{
print "Cannot authenticate at this time...please try again soon";
exit(0);
}

else
{
print "<br>connected";


   $newpass = "skydive";
   $username = "$username";
   $base_dn = "cn=users, dc=directory,dc=xxx,dc=xx,dc=xx";
   $rdn = "uid=$username, " . $base_dn;
   
   ldap_set_option($ldap_connect, LDAP_OPT_PROTOCOL_VERSION, 3);
   $ldapbind = ldap_bind($ds, $rdn, $upasswd);

   if ($ldapbind)
       {
    echo "<p>Bind successful";

if(ldap_modify($ds, $rdn, $newpass))
{
echo "<p>The entry was modified successfully";
}
else {
     echo "<p>The entry couldnt be modified";
     }

       } //end of bind if condition
    } //end of connect if condition

[/code]

The result from running this code:

connected

Bind successful

The entry couldnt be modified

???
Link to comment
Share on other sites

  • 3 weeks later...
Hi,

Thanks for the reply....especially as I still haven't resolved this problem.The LDAP server, that is in my office, is set up so that users, once authenticated have the privilige to change their own password only. If they connect to the server via the gui on their workstations then they can change their passowords, no problem. However, staff have their own workstations but students do not. We have some 6oo students who use the lab machines of which there are about 60, or else their own laptops which connect to the network via radio link. We are wanting to open the Intranet server (which authenticates users via the LDAP server) so that access from outside campus is available, and therefore we also want to allow users to change their LDAP passwords via PHP which is more or less essential from an extra mural students standpoint. I know this is possible, but other than what I have tried I have run out of ideas as there seems to be no PHP documentaion available on the whole Internet!!!! :)
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.