ldap_mod_replace() [function.ldap-mod-replace]: Edit: the server does not want to execute

Getting error:

The server does not want to execute

when changing unicodePwd in AD via PHP. However, I can search, add, delete, and modify any user attributes.

I'm using the administrator account for binding, and the administrator has full rights to change passwords for all users.

Here is the code I'm using:

<?php
$dn = "CN=Vishal Makwana,OU=Address Book,DC=example,DC=com";
$ad = ldap_connect("ldap://example.com")
      or die("Couldn't connect to AD!");
ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3);
$bd = ldap_bind($ad,"admin@example.com","admin1");

if ($bd) {
    echo "AD bind successfully";
} else {
    echo "Couldn't bind AD";
}

$user["unicodePwd"] = "asdf1234";

$result = ldap_mod_replace($ad, $dn, $user);
if ($result) echo "User modified!"; else
             echo "There was a problem!";

ldap_unbind($ad);
?>
+5
2 answers

There are a few things you need to do to correctly set the password in AD through LDAP.

  • you need to use an SSL connection (ldaps://)

  • the password must be enclosed in quotation marks

  • the password (including the quotation marks) must be encoded in 16-bit Unicode (UTF-16LE)

, , , ascii, 1000 ascii, .

, :

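$newpassword = "asdf1234";
// AD expects the password wrapped in double quotes
$newpassword = "\"" . $newpassword . "\"";
$len = strlen($newpassword);
// Append a NUL byte to each character to get UTF-16LE (valid for plain ASCII passwords only)
$newpass = "";
for ($i = 0; $i < $len; $i++) $newpass .= $newpassword[$i] . "\000";
$user["unicodePwd"] = $newpass;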
+9
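
The three requirements from the answer above, combined into one password reset with certificate checking and server-side error detail. This is an added example, not part of the original answer. It assumes the ldap and mbstring extensions and UTF-8 input; the host `dc01.example.com`, the function names and the `AD_BIND_PASS` / `AD_NEW_PASS` environment variables are placeholders.

```php
<?php
// Added example: host, function names and environment variables are placeholders.

// AD expects unicodePwd as the password wrapped in double quotes, encoded as UTF-16LE.
// mb_convert_encoding also handles non-ASCII characters, unlike appending "\000" per byte.
function encodeUnicodePwd(string $plain): string
{
    return mb_convert_encoding('"' . $plain . '"', 'UTF-16LE', 'UTF-8');
}

function resetAdPassword(string $uri, string $bindUser, string $bindPass,
                         string $userDn, string $newPassword): void
{
    // The answer requires SSL; this example only supports ldaps:// and refuses anything else.
    if (stripos($uri, 'ldaps://') !== 0) {
        throw new InvalidArgumentException('unicodePwd requires an ldaps:// URI');
    }
    // Require a valid server certificate; must be set before ldap_connect().
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    $ad = ldap_connect($uri);
    if ($ad === false) {
        throw new RuntimeException('Invalid LDAP URI');
    }
    ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ad, LDAP_OPT_REFERRALS, 0);

    try {
        if (!@ldap_bind($ad, $bindUser, $bindPass)) {
            throw new RuntimeException('Bind failed: ' . ldap_error($ad));
        }
        $entry = ['unicodePwd' => encodeUnicodePwd($newPassword)];
        if (!@ldap_mod_replace($ad, $userDn, $entry)) {
            // The diagnostic message holds the server's detail behind the generic error text.
            ldap_get_option($ad, LDAP_OPT_DIAGNOSTIC_MESSAGE, $detail);
            throw new RuntimeException(sprintf('Modify failed (%d %s): %s',
                ldap_errno($ad), ldap_error($ad), (string) $detail));
        }
    } finally {
        ldap_unbind($ad);
    }
}

// Guarded so the file can be included without contacting a server.
if (PHP_SAPI === 'cli' && getenv('AD_BIND_PASS') !== false && getenv('AD_NEW_PASS') !== false) {
    resetAdPassword('ldaps://dc01.example.com', 'admin@example.com', getenv('AD_BIND_PASS'),
        'CN=Vishal Makwana,OU=Address Book,DC=example,DC=com', getenv('AD_NEW_PASS'));
    echo "Password changed\n";
}
```

Reading the credentials from the environment keeps them out of the source file, unlike the hard-coded bind password in the question.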

, PHP-, LDAP.

LDAP PHP; unicodePwd.

ldap_connect("ldaps://IP", 636);
ldap_connect("ldaps://IP", 389);
+2
