PHP LDAP change password page
I have recently implemented an SSO (Single Sign-On) mechanism at one of my sites and then started looking for a simple, quick-and-dirty way to let users change their passwords via PHP.
I found many complicated examples, but all I was really looking for was a single page. So I wrote my own, and now I am sharing it with you.
The page has only two variables at the top: the LDAP server hostname and the binding DN. The script works as follows:
- It connects to the LDAP server with an anonymous bind.
- It searches for the user given in the username field by looking for any object whose DN contains uid=<username>.
- If exactly one object is found, its full DN (with the real CommonName) is returned.
- PHP re-binds as that user with the "current" password supplied in the form; a failed bind means the current password is wrong and nothing is changed.
- The new password is hashed and ldap_modify is called on the DN to replace userPassword.
- Optionally a confirmation email is sent to the address in the mail attribute.
You will obviously have to customize it for your needs, but that is as simple as modifying one function. Just out of curiosity, leave a comment if you have used it on your site in any way.
Thanks! :)
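The flow described above, as an added example in PHP that is not the original post's script. It follows the same five steps (anonymous bind, search, re-bind as the user, hash, modify) but adds the checks a practitioner would want: the username is escaped with ldap_escape() so it cannot be used for LDAP filter injection (addslashes() does not neutralise the filter metacharacters `*`, `(`, `)` and `\`), an empty current password is refused up front (a simple bind with a DN and no password is an unauthenticated bind, not a password check, and some servers accept it), a plain ldap:// connection is upgraded with STARTTLS so the passwords do not cross the wire in the clear, and the RFC 3062 Password Modify extended operation (ldap_exop_passwd, PHP 7.2 and later) is preferred over a client-side {SSHA} hash so the server's own hash scheme and password policy apply. The host, base DN, the 8-character minimum, and every error code except E200 are assumptions chosen for the example.

```php
<?php
// Added example (not the original post's script). Assumes ext/ldap, PHP >= 7.2,
// and an OpenLDAP-style directory where users sit under $baseDn with RDN
// uid=<username>. Host and base DN are placeholders.
declare(strict_types=1);

$ldapHost = 'ldaps://ldap.example.org';    // assumption; ldap:// triggers STARTTLS below
$baseDn   = 'ou=people,dc=example,dc=org'; // assumption

function changePassword(string $host, string $baseDn, string $username,
                        string $oldPassword, string $newPassword1,
                        string $newPassword2): string
{
    if ($newPassword1 !== $newPassword2) {
        return 'E100 - The two new passwords do not match.';
    }
    if (strlen($newPassword1) < 8) {          // assumed minimum length
        return 'E101 - The new password must be at least 8 characters.';
    }
    // An empty password must be rejected before binding: a simple bind with a DN
    // and no password is an *unauthenticated* bind, which some servers accept,
    // so the "current password" check below would pass for anyone.
    if ($oldPassword === '') {
        return 'E102 - The current password is required.';
    }

    $ldap = ldap_connect($host);
    if ($ldap === false) {
        return 'E300 - Could not initialise the LDAP connection.';
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
    // Passwords travel in the clear over plain ldap://; upgrade with STARTTLS.
    if (strncmp($host, 'ldap://', 7) === 0 && !@ldap_start_tls($ldap)) {
        return 'E301 - STARTTLS failed: ' . ldap_error($ldap);
    }

    // 1. Anonymous bind, used only to resolve the username to a DN.
    if (!@ldap_bind($ldap)) {
        return 'E302 - Anonymous bind failed: ' . ldap_error($ldap);
    }

    // 2. Search for uid=<username>. ldap_escape() neutralises filter
    //    metacharacters, so "*" or "x)(uid=admin" cannot widen the match.
    $filter = sprintf('(uid=%s)', ldap_escape($username, '', LDAP_ESCAPE_FILTER));
    $result = @ldap_search($ldap, $baseDn, $filter, ['mail']);
    if ($result === false) {
        return 'E303 - Search failed: ' . ldap_error($ldap);
    }
    $entries = ldap_get_entries($ldap, $result);

    // 3. Exactly one object must match; zero or several means "not found".
    if ($entries['count'] !== 1) {
        return 'E100 - User not found.';
    }
    $dn   = $entries[0]['dn'];
    $mail = $entries[0]['mail'][0] ?? null;   // for the optional confirmation e-mail

    // 4. Re-bind as the user. A failed bind is the only test of the current password.
    if (!@ldap_bind($ldap, $dn, $oldPassword)) {
        return 'E200 - Your password cannot be changed, please contact the administrator.';
    }

    // 5. Set the new password. Preferred: the Password Modify extended operation
    //    (RFC 3062); the server hashes with its configured scheme and enforces its
    //    password policy. Fallback: client-side {SSHA} and a modify of userPassword.
    if (function_exists('ldap_exop_passwd')) {
        $ok = @ldap_exop_passwd($ldap, $dn, $oldPassword, $newPassword1);
    } else {
        $salt = random_bytes(8);   // fresh random salt per password
        $hash = '{SSHA}' . base64_encode(sha1($newPassword1 . $salt, true) . $salt);
        $ok = @ldap_mod_replace($ldap, $dn, ['userPassword' => $hash]);
    }
    if ($ok === false) {
        return 'E201 - The directory rejected the new password: ' . ldap_error($ldap);
    }
    ldap_unbind($ldap);

    if ($mail !== null) {
        mail($mail, 'Password changed', 'Your directory password was changed.');
    }
    return 'Your password has been changed.';
}

// Usage from a POST form; the returned message is shown to the user.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    echo htmlspecialchars(changePassword(
        $ldapHost, $baseDn,
        $_POST['username'] ?? '', $_POST['oldPassword'] ?? '',
        $_POST['newPassword1'] ?? '', $_POST['newPassword2'] ?? ''
    ), ENT_QUOTES, 'UTF-8');
}
```

Both write paths need the directory to grant the user write access to userPassword (an OpenLDAP `by self write` rule on that attribute); with the extended operation the server decides the hash scheme, so the `{SSHA}` code only runs on PHP builds without ldap_exop_passwd. This approach targets OpenLDAP-style directories: Active Directory does not accept a userPassword replace of this kind and expects the password in the unicodePwd attribute over LDAPS, so the script will not work against AD without changes.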
That's really great. Much better than most of the complex tools I found on the web. All I wanted was a simple interface for our users to change their LDAP password for web access.
Thanks a lot.
thanks a lot…
Dude, this script rocks. I was searching all over the web for this type of script and came across this one. I have to say I am not well versed in PHP, but it was easy to install and get working. Does exactly what I need.
Thanks a lot for writing it.
Bryan
One little thing, there are two references to $server, which was not defined. I changed them to the $ldap, and it worked.
You might want to change that in your code.
cool, it works
thanks a lot
Thanks for the script Radek.
Do you need any specific settings in the slapd.conf to allow user changes of passwords? I can get as far as “E200 – Your password cannot be changed” but unfortunately can’t get the passwords to change.
Hi
You just need standard access to the user's attributes by the user; this is a standard OpenLDAP ACL:
access to attrs=userPassword,shadowLastChange
    by anonymous auth
    by self write
    by * none
access to dn.base="" by * read
access to *
    by * read
Thanks a lot, but in line 1 it is:
$server = "localhost"
but in the function you write:
changePassword($ldap,$dn,$_POST["username"],$_POST["oldPassword"],$_POST["newPassword1"],$_POST["newPassword2"]);
but something like $ldap does not exist; you probably meant $server, so it should be:
changePassword($server,$dn,$_POST["username"],$_POST["oldPassword"],$_POST["newPassword1"],$_POST["newPassword2"]);
and it's working for me;
best wishes, Michael;
Sure, thanks for that :)
Fixed.
Thank you, thank you so much! I have been at my wits' end trying to do this. I ended up at a dead end a year ago. My nemesis project just got pushed back to the top of my list and your script is just what I need to get started! Your script has taught me more about interacting with LDAP via PHP than anything else I've read or any samples I've tried to dissect. I normally work with JSP and this is just about impossible to do with that! Thanks again.
Thank you very much for this script.
I was looking for this for a long time!
:)
Thanks!
Works for me.
Thanks for the great script. Suits my needs perfectly and even looks clean and professional!
Good work,
but I don't understand this line:
$rdn = sprintf($dn,$_POST["username"]);
and I think you have to filter the POST values like:
if (!get_magic_quotes_gpc()) {
    $username = addslashes($_POST['username']);
    $oldPassword = addslashes($_POST['oldPassword']);
    $newPassword1 = addslashes($_POST['newPassword1']);
    $newPassword2 = addslashes($_POST['newPassword2']);
} else {
    $username = $_POST['username'];
    $oldPassword = $_POST['oldPassword'];
    $newPassword1 = $_POST['newPassword1'];
    $newPassword2 = $_POST['newPassword2'];
}
and then use:
changePassword($server,$dn,$username,$oldPassword,$newPassword1,$newPassword2);
Thanks for the script. Great work.
I was looking this script all over. You made my life easy. Thanks a ton!!!!
Thank you for sharing. Your script worked.
I already tried it (on SUSE Linux).
Thanks,
Sontaya
http://blog.susethailand.com
It works with CentOS Directory Server 8.1.
Thanks for your effort. Very good!!! ^^
Hi Radek.
I've been trying it out, but it didn't work for me.
Do I need any further configuration?
I'm using Windows XP running:
Apache 2.2.8 for Windows
PHP ver 6.
Windows Server 2003 Enterprise, with LDAPS support.
Your script keeps saying: Found user
E200 – Your password cannot be changed, please contact the administrator.
(Note that I am already able to connect to LDAPS via port 635, and the user already exists in AD.)
Thank you !!
I added the line:
ldap_start_tls($con);
so that I have TLS enabled. Works flawlessly, but could use some minor spell-checking. Exactly what I was looking for otherwise! :-D