Camrada Posted December 24, 2012 Share Posted December 24, 2012 I've been stumped on this for a couple days now. I've tried various solutions to no avail. Please help... Problem: We have two domain controller, which are not under our management. We are able to connect via LDAP on port 389, but are not able to connect securely over port 636. We are developing a system to allow a number of self-service facilities, one of which is a password recovery tool. This works up to the point of resetting the users password. I have found some code via the PHP manual which appears to do what we need, but cant seem to get it to work. This is the code I have thus far if ($caller==="change"){ if (($newPword1 === NULL)||($newPword1 === "" )){ return false;} if (($newPword2 === NULL)||($newPword2 === "" )){ return false;} if ($newPword1 != $newPword2) {$result["ERROR"]="1";$result["DETAILS"]="Your new password and the confirmation must match!";exit(); } try { $adldap = new adLDAP(); } catch (adLDAPException $e) {$result["ERROR"]="1";$result["DETAILS"]="An error occurred in adLDAP";echo json_encode($result);exit(); } $userinfo = $adldap->user()->info($username, array("givenname","dn","lockouttime")); $res = $userinfo[0]["lockouttime"]; $userDN = $userinfo[0]["dn"]; $firstName = $userinfo[0]["givenname"]; $authUser = $adldap->authenticate($username,$currentPword); if ($authUser){ try { $adminUsername = $domain."\\".$adminUsername; $srvDN = "LDAP://".$serverFQDN."/"; try {$ADSI = new COM("LDAP:");} catch (exception $e){$result["ERROR"]="1";$result["ERRORmsg"]=$e->getMessage();echo json_encode($result);exit();} try {$user = $ADSI->OpenDSObject($srvDN.$userDN, $adminUsername, $adminPassword, 1);} catch (exception $e){$result["ERROR"]="2";$result["ERRORmsg"]= $e->getMessage();echo json_encode($result);exit();} try { //set password if ($user){ $result["object"]="Success"; } else { $result["object"]="Failed"; } $user->SetPassword($newPword1); //line:114 -> error occurring on this line $user->SetInfo(); $result["ERROR"]="0"; $result["DETAILS"]="Thank you $firstName[0]<br><strong>Your password has been changed</strong><br><br>This may take up to 30 minutes to take effect depending on your location";} catch (exception $e){$result["ERROR"]="3";$result["ERRORmsg"]=$e." - ".$e->getMessage();$result["DETAILS"]="An Error Occurred.";} unset($user); unset($ADSI); } catch (exception $e){$result["ERROR"]="1";$result["DETAILS"]="An Error Occurred in the ADSI COM";echo json_encode($result);exit();} } else { if ($res[0] != "0"){ $result["ERROR"]="1"; $result["DETAILS"]="Im sorry $firstName[0].<br>Your account is now locked. Please contact the IT Service Desk for advice"; } else { $result["ERROR"]="1"; $result["DETAILS"]="Im sorry $firstName[0].<br>Your current password is incorrect"; } } In testing $result["object"] returns "Success". But the code seems to fail on the $user->SetPassword($newPword1); line. The error that is being returned is: ERROR -> "3" object -> "Success" ERRORmsg -> "exception 'com_exception' with message '<b>Source:</b> Unknown<br/><b>Description:</b> Unknown' in C:\inetpub\wwwroot\<path>\<filename>.php:114 Stack trace: #0 C:\inetpub\wwwroot\<path>\<filename>.php(114): variant->SetPassword('P@ssw0rd') #1 {main} - <b>Source:</b> Unknown<br/><b>Description:</b> Unknown" DETAILS -> "An Error Occurred." The above code is in a php doc on an IIS Web Server which is called by a user viewable page over https Are you able to offer any advice or guidance? Many thanks... Quote Link to comment https://forums.phpfreaks.com/topic/272338-change-ad-password-using-phpcomadsildap/ Share on other sites More sharing options...
Camrada Posted December 29, 2012 Author Share Posted December 29, 2012 Update: I've since been able to prove that new COM("LDAP:") successfully initialises and $ADSI->OpenDSObject successfully opens the AD object. I've tried against other user AD accounts and the script fails on the same line have replaced $user->SetPassword($newPword1); with $user->Put("pwdLastSet",0); and it successfully updated the appropriate AD attribute. So this shows that the ADSI connection is working Any ideas...? Quote Link to comment https://forums.phpfreaks.com/topic/272338-change-ad-password-using-phpcomadsildap/#findComment-1402045 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.