Change AD Password Using PHP/COM/ADSI/LDAP


Camrada


I've been stumped on this for a couple days now. I've tried various solutions to no avail. Please help...

Problem: We have two domain controllers, which are not under our management. We are able to connect via LDAP on port 389, but are not able to connect securely over port 636.

We are developing a system to allow a number of self-service facilities, one of which is a password recovery tool. This works up to the point of resetting the user's password.

I have found some code via the PHP manual which appears to do what we need, but can't seem to get it to work.

This is the code I have thus far:

if ($caller === "change") {
    // Both the new password and its confirmation are required
    if (($newPword1 === NULL) || ($newPword1 === "")) { return false; }
    if (($newPword2 === NULL) || ($newPword2 === "")) { return false; }
    // Strict comparison: with != PHP compares numeric-looking strings as numbers ("1e3" == "1000")
    if ($newPword1 !== $newPword2) {
        $result["ERROR"] = "1";
        $result["DETAILS"] = "Your new password and the confirmation must match!";
        echo json_encode($result); // return the error to the caller before exiting
        exit();
    }
    try { $adldap = new adLDAP(); }
    catch (adLDAPException $e) { $result["ERROR"] = "1"; $result["DETAILS"] = "An error occurred in adLDAP"; echo json_encode($result); exit(); }

    // Look up the account, then verify the current password before touching it
    $userinfo = $adldap->user()->info($username, array("givenname", "dn", "lockouttime"));
    $res = $userinfo[0]["lockouttime"];
    $userDN = $userinfo[0]["dn"];
    $firstName = $userinfo[0]["givenname"];
    $authUser = $adldap->authenticate($username, $currentPword);
    if ($authUser) {
        try {
            // Bind to the user object through ADSI with the admin account
            $adminUsername = $domain . "\\" . $adminUsername;
            $srvDN = "LDAP://" . $serverFQDN . "/";

            try { $ADSI = new COM("LDAP:"); }
            catch (Exception $e) { $result["ERROR"] = "1"; $result["ERRORmsg"] = $e->getMessage(); echo json_encode($result); exit(); }
            try { $user = $ADSI->OpenDSObject($srvDN . $userDN, $adminUsername, $adminPassword, 1); }
            catch (Exception $e) { $result["ERROR"] = "2"; $result["ERRORmsg"] = $e->getMessage(); echo json_encode($result); exit(); }
            try { //set password
                if ($user) {
                    $result["object"] = "Success";
                } else {
                    $result["object"] = "Failed";
                }
                $user->SetPassword($newPword1); //line:114 -> error occurring on this line
                $user->SetInfo();
                $result["ERROR"] = "0";
                $result["DETAILS"] = "Thank you $firstName[0]<br><strong>Your password has been changed</strong><br><br>This may take up to 30 minutes to take effect depending on your location";
            }
            catch (Exception $e) { $result["ERROR"] = "3"; $result["ERRORmsg"] = $e . " - " . $e->getMessage(); $result["DETAILS"] = "An Error Occurred."; }
            unset($user);
            unset($ADSI);
        } catch (Exception $e) { $result["ERROR"] = "1"; $result["DETAILS"] = "An Error Occurred in the ADSI COM"; echo json_encode($result); exit(); }
    } else {
        // Authentication failed: a non-zero lockoutTime means the account is locked
        if ($res[0] != "0") {
            $result["ERROR"] = "1";
            $result["DETAILS"] = "Im sorry $firstName[0].<br>Your account is now locked. Please contact the IT Service Desk for advice";
        } else {
            $result["ERROR"] = "1";
            $result["DETAILS"] = "Im sorry $firstName[0].<br>Your current password is incorrect";
        }
    }
}

In testing

$result["object"]

returns "Success". But the code seems to fail on the

$user->SetPassword($newPword1); 

line.

The error that is being returned is:

ERROR -> "3"
object -> "Success"
ERRORmsg -> "exception 'com_exception' with message '<b>Source:</b> Unknown<br/><b>Description:</b> Unknown' in C:\inetpub\wwwroot\<path>\<filename>.php:114
Stack trace:
#0 C:\inetpub\wwwroot\<path>\<filename>.php(114): variant->SetPassword('P@ssw0rd')
#1 {main} - <b>Source:</b> Unknown<br/><b>Description:</b> Unknown"
DETAILS -> "An Error Occurred."

The above code is in a PHP doc on an IIS Web Server which is called by a user-viewable page over HTTPS.

Are you able to offer any advice or guidance?

Many thanks...


Update:

I've since been able to prove that

new COM("LDAP:") 

successfully initialises and

$ADSI->OpenDSObject

successfully opens the AD object. I've tried against other user AD accounts and the script fails on the same line.

I have replaced

$user->SetPassword($newPword1);

with

$user->Put("pwdLastSet",0); 

and it successfully updated the appropriate AD attribute. So this shows that the ADSI connection is working.

Any ideas...?
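
For comparison, an added example that is not part of the original post or the poster's code: a user-initiated password change written to the unicodePwd attribute with PHP's ldap extension instead of ADSI SetPassword, bound as the user so no admin credential is handled by the web page. It assumes the domain controllers accept StartTLS on port 389 and that the ldap and mbstring extensions are loaded; the function names and every argument are hypothetical.

```php
<?php
// Added example, not the poster's code. Function names and all call arguments
// are hypothetical; assumes ext-ldap and ext-mbstring are loaded.

// AD expects unicodePwd as the password in double quotes, encoded as UTF-16LE.
function encodeUnicodePwd(string $password): string
{
    return mb_convert_encoding('"' . $password . '"', 'UTF-16LE', 'UTF-8');
}

// User-initiated change: remove the old value and add the new one in one
// modify request, bound as the user, so domain password policy still applies.
function changeOwnPassword(string $host, string $userDn, string $old, string $new): void
{
    $conn = ldap_connect("ldap://$host:389");
    if ($conn === false) {
        throw new RuntimeException("Invalid LDAP URI");
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // AD refuses unicodePwd writes on an unencrypted connection, so stop here
    // rather than send either password in cleartext (assumes the DC offers StartTLS).
    if (!@ldap_start_tls($conn)) {
        throw new RuntimeException("StartTLS failed: " . ldap_error($conn));
    }
    if (!@ldap_bind($conn, $userDn, $old)) {
        throw new RuntimeException("Bind failed: " . ldap_error($conn));
    }

    $mods = [
        [
            LDAP_MODIFY_BATCH_ATTRIB  => "unicodePwd",
            LDAP_MODIFY_BATCH_MODTYPE => LDAP_MODIFY_BATCH_REMOVE,
            LDAP_MODIFY_BATCH_VALUES  => [encodeUnicodePwd($old)],
        ],
        [
            LDAP_MODIFY_BATCH_ATTRIB  => "unicodePwd",
            LDAP_MODIFY_BATCH_MODTYPE => LDAP_MODIFY_BATCH_ADD,
            LDAP_MODIFY_BATCH_VALUES  => [encodeUnicodePwd($new)],
        ],
    ];
    if (!@ldap_modify_batch($conn, $userDn, $mods)) {
        throw new RuntimeException("Change rejected: " . ldap_error($conn));
    }
    ldap_unbind($conn);
}
```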
