Jump to content

Recommended Posts

I've been stumped on this for a couple days now. I've tried various solutions to no avail. Please help...

Problem: We have two domain controller, which are not under our management. We are able to connect via LDAP on port 389, but are not able to connect securely over port 636.

We are developing a system to allow a number of self-service facilities, one of which is a password recovery tool. This works up to the point of resetting the users password.

I have found some code via the PHP manual which appears to do what we need, but cant seem to get it to work.

This is the code I have thus far

if ($caller==="change"){
if (($newPword1 === NULL)||($newPword1 === "" )){ return false;}
if (($newPword2 === NULL)||($newPword2 === "" )){ return false;}
if ($newPword1 != $newPword2) {$result["ERROR"]="1";$result["DETAILS"]="Your new password and the confirmation must match!";exit(); }
try { $adldap = new adLDAP(); }
catch (adLDAPException $e) {$result["ERROR"]="1";$result["DETAILS"]="An error occurred in adLDAP";echo json_encode($result);exit(); }
$userinfo = $adldap->user()->info($username, array("givenname","dn","lockouttime"));
$res = $userinfo[0]["lockouttime"];
$userDN = $userinfo[0]["dn"];
$firstName = $userinfo[0]["givenname"];
$authUser = $adldap->authenticate($username,$currentPword);
if ($authUser){
try {
$adminUsername = $domain."\\".$adminUsername;
$srvDN = "LDAP://".$serverFQDN."/";

try {$ADSI = new COM("LDAP:");}
catch (exception $e){$result["ERROR"]="1";$result["ERRORmsg"]=$e->getMessage();echo json_encode($result);exit();}
try {$user = $ADSI->OpenDSObject($srvDN.$userDN, $adminUsername, $adminPassword, 1);}
catch (exception $e){$result["ERROR"]="2";$result["ERRORmsg"]= $e->getMessage();echo json_encode($result);exit();}
try { //set password
if ($user){
$result["object"]="Success";
} else {
$result["object"]="Failed";
}
$user->SetPassword($newPword1); //line:114 -> error occurring on this line
$user->SetInfo();
$result["ERROR"]="0";
$result["DETAILS"]="Thank you $firstName[0]<br><strong>Your password has been changed</strong><br><br>This may take up to 30 minutes to take effect depending on your location";}
catch (exception $e){$result["ERROR"]="3";$result["ERRORmsg"]=$e." - ".$e->getMessage();$result["DETAILS"]="An Error Occurred.";}
unset($user);
unset($ADSI);
} catch (exception $e){$result["ERROR"]="1";$result["DETAILS"]="An Error Occurred in the ADSI COM";echo json_encode($result);exit();}
} else {
if ($res[0] != "0"){
$result["ERROR"]="1";
$result["DETAILS"]="Im sorry $firstName[0].<br>Your account is now locked. Please contact the IT Service Desk for advice";
} else {
$result["ERROR"]="1";
$result["DETAILS"]="Im sorry $firstName[0].<br>Your current password is incorrect";
}
}

In testing

$result["object"]

returns "Success". But the code seems to fail on the

$user->SetPassword($newPword1); 

line.

The error that is being returned is:

ERROR -> "3"
object -> "Success"
ERRORmsg -> "exception 'com_exception' with message '<b>Source:</b> Unknown<br/><b>Description:</b> Unknown' in C:\inetpub\wwwroot\<path>\<filename>.php:114
Stack trace:
#0 C:\inetpub\wwwroot\<path>\<filename>.php(114): variant->SetPassword('P@ssw0rd')
#1 {main} - <b>Source:</b> Unknown<br/><b>Description:</b> Unknown"
DETAILS -> "An Error Occurred."

The above code is in a php doc on an IIS Web Server which is called by a user viewable page over https

Are you able to offer any advice or guidance?

Many thanks...

Link to comment
https://forums.phpfreaks.com/topic/272338-change-ad-password-using-phpcomadsildap/
Share on other sites

Update:

I've since been able to prove that

new COM("LDAP:") 

successfully initialises and

$ADSI->OpenDSObject

successfully opens the AD object. I've tried against other user AD accounts and the script fails on the same line

 

have replaced

$user->SetPassword($newPword1);

with

$user->Put("pwdLastSet",0); 

and it successfully updated the appropriate AD attribute. So this shows that the ADSI connection is working

 

Any ideas...?

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.