Changing a user password in Active Directory.
Securely connect (using ldaps) to the Active Directory and bind using an administrator account.
In this example, $userDn contains the dn of the user I want to modify, and $ad is the Active Directory ldaps connection)
$newPassword = "MyPassword";
$newPassword = "\"" . $newPassword . "\"";
$len = strlen($newPassword);
for ($i = 0; $i < $len; $i++)
$newPassw .= "{$newPassword{$i}}\000";
$newPassword = $newPassw;
$userdata["unicodepwd"] = $newPassword;
$result = ldap_mod_replace($ad, $userDn, $userdata);
if ($result) echo "User modified!" ;
else echo "There was a problem!";
I found it hard to get a proper encoding for the unicodepwd attribute so this piece of code might help you ;-)
ldap_mod_replace
Description
bool ldap_mod_replace ( resource link_identifier, string dn, array entry )如果成功则返回 TRUE,失败则返回 FALSE。
This function replaces attribute(s) from the specified dn. It performs the modification at the attribute level as opposed to the object level. Object-level modifications are done by the ldap_modify() function.
注: 本函数可安全用于二进制对象。
add a note
User Contributed Notes
frederic dot jacquot at insa-lyon dot fr
09-Jun-2004 07:26
09-Jun-2004 07:26
19-Jul-2002 02:32
Sometime,we cannot replace ldap_mod_replace function with ldap_mod_del function and ldap_mod_add fuction .We don't have permission to delete an attribute but we can replace it.
ondrej at sury dot cz
26-Feb-2002 09:31
26-Feb-2002 09:31
in openldap 2.0.x you can use method with mod_del/mod_add only if the attribute have defined EQUALITY rule.
JoshuaStarr at aelana dot com
31-Aug-2001 02:28
31-Aug-2001 02:28
To modify an attribute with a single value:
$entry[mail] = "newmail@aelana.com";
$results = ldap_mod_add($ldapConnID,$dn, $entry);
To modify an attribute with multiple values:
$entry[mail][] = "newmail@aelana.com";
$entry[mail][] = "altnewmail@aelana.com";
$results = ldap_mod_add($ldapConnID,$dn, $entry);
To modify multiple attributes
$entry[mail][] = "newmail@aelana.com";
$entry[mail][] = "altnewmail@aelana.com";
$entry[c] = "US";
$results = ldap_mod_add($ldapConnID,$dn, $entry);
oyvindmo at initio dot no
30-Nov-2000 08:57
30-Nov-2000 08:57
ldap_mod_replace() and ldap_modify() are _exactly_ the same. So, the comment that ldap_mod_replace() "performs the modification at the attribute level as opposed to the object level", has no root in reality.
yife at myrice-ltd dot com
16-Nov-2000 05:57
16-Nov-2000 05:57
if i want to replace the special attribute but i don't replace other attribute ,i just use "ldap_mod_del" and "ldap_mod_add" ,the function seems to that