If you do not wish to set up SSL on your active directory, and you are running on Windows, you can use COM and ADSI to set the new password for a user, or to active a user:
<?PHP
// to set a user password
// server is the ldap server
// newuser_dn is the full dn of the user you want to modify
// newuser_password is the password you wish to set for the user
$ADSI = new COM("LDAP:");
$user = $ADSI->OpenDSObject("LDAP://".$server."/".$newuser_dn, $adminuser, $adminpassword, 1);
$user->SetPassword($newuser_password);
$user->SetInfo();
// to activate a user
$ADSI = new COM("LDAP:");
$user = $ADSI->OpenDSObject("LDAP://".$server."/".$newuser_dn, $adminuser, $adminpassword, 1);
$user->AccountDisabled = false;
$user->SetInfo();
?>
ldap_mod_replace
Description
bool ldap_mod_replace ( resource link_identifier, string dn, array entry )如果成功则返回 TRUE,失败则返回 FALSE。
This function replaces attribute(s) from the specified dn. It performs the modification at the attribute level as opposed to the object level. Object-level modifications are done by the ldap_modify() function.
注: 本函数可安全用于二进制对象。
add a note
User Contributed Notes
erwann at zeflip dot com
05-Oct-2006 01:41
05-Oct-2006 01:41
EelBait
29-Sep-2006 07:11
29-Sep-2006 07:11
Using ldap_mod_replace to change a user's password will not set the password using a hashed value, but rather in clear text. There doesn't seem to be a way to use the various password-change protocols (e.g. extended operation) using this API. You might be better off using the ldappasswd command-line tool to perform this function.
frederic dot jacquot at insa-lyon dot fr
09-Jun-2004 07:26
09-Jun-2004 07:26
Changing a user password in Active Directory.
Securely connect (using ldaps) to the Active Directory and bind using an administrator account.
In this example, $userDn contains the dn of the user I want to modify, and $ad is the Active Directory ldaps connection)
$newPassword = "MyPassword";
$newPassword = "\"" . $newPassword . "\"";
$len = strlen($newPassword);
for ($i = 0; $i < $len; $i++)
$newPassw .= "{$newPassword{$i}}\000";
$newPassword = $newPassw;
$userdata["unicodepwd"] = $newPassword;
$result = ldap_mod_replace($ad, $userDn, $userdata);
if ($result) echo "User modified!" ;
else echo "There was a problem!";
I found it hard to get a proper encoding for the unicodepwd attribute so this piece of code might help you ;-)
19-Jul-2002 02:32
Sometime,we cannot replace ldap_mod_replace function with ldap_mod_del function and ldap_mod_add fuction .We don't have permission to delete an attribute but we can replace it.
ondrej at sury dot cz
26-Feb-2002 09:31
26-Feb-2002 09:31
in openldap 2.0.x you can use method with mod_del/mod_add only if the attribute have defined EQUALITY rule.
JoshuaStarr at aelana dot com
31-Aug-2001 02:28
31-Aug-2001 02:28
To modify an attribute with a single value:
$entry[mail] = "newmail@aelana.com";
$results = ldap_mod_add($ldapConnID,$dn, $entry);
To modify an attribute with multiple values:
$entry[mail][] = "newmail@aelana.com";
$entry[mail][] = "altnewmail@aelana.com";
$results = ldap_mod_add($ldapConnID,$dn, $entry);
To modify multiple attributes
$entry[mail][] = "newmail@aelana.com";
$entry[mail][] = "altnewmail@aelana.com";
$entry[c] = "US";
$results = ldap_mod_add($ldapConnID,$dn, $entry);
oyvindmo at initio dot no
30-Nov-2000 08:57
30-Nov-2000 08:57
ldap_mod_replace() and ldap_modify() are _exactly_ the same. So, the comment that ldap_mod_replace() "performs the modification at the attribute level as opposed to the object level", has no root in reality.
yife at myrice-ltd dot com
16-Nov-2000 05:57
16-Nov-2000 05:57
if i want to replace the special attribute but i don't replace other attribute ,i just use "ldap_mod_del" and "ldap_mod_add" ,the function seems to that