I want to change a user's password [unicodePwd] on Windows Active Directory using PHP LDAP.
I am using Windows Active Directory via PHP LDAP.
I don't have any issues connecting to it.
I don't have any issues collecting data.
I don't have any issues changing attributes using ldap_mod_replace or ldap_modify, except for the "unicodePwd".
*note that this works
$user['telephonenumber'] = '1234567890';
*note that this doesn't work
$user['unicodePwd'] = mb_convert_encoding('my_new_password', "UTF-16LE");
// CODE
$result = ldap_modify($ldap, $dn, $user);
return ldap_error($ldap);
// CODE
// ERROR ON CHANGING unicodePwd
ldap_modify(): Modify: Server is unwilling to perform
// NO ERROR FOR telephonenumber
I can't set up my server to have LDAP over SSL. I already tried installing AD CS, but nothing has worked so far. I'm still configuring my server; any ideas about installing a CA (Certificate Authority) to be used for LDAP over SSL?
I already set up LDAP over SSL. I can also use LDAP using cmd->ldp; port 389, and 636 with SSL, are good.
But when I run it in my PHP using port 636 or ldaps://servername, this is the error:
ldap_bind(): Unable to bind to server: Can't contact LDAP server
You need to be on a secured connection to modify a password (and probably other security-related options).
Add the following before you call ldap_bind():
ldap_start_tls($ldap);
This is a good idea even if you aren't trying to change a password as otherwise your bind operation is cleartext and can be sniffed.
If you see this error:
Warning: ldap_start_tls(): Unable to start TLS: Connect error in ...
You can work around the issue by adding the following line before you call ldap_connect:
putenv('LDAPTLS_REQCERT=never');
WARNING: This disables checking the validity of the LDAP server certificate! Ideally you should add the server certificate (or its signing CA) to your trusted store.
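An added example (not part of the original answer) of the alternative the warning above recommends: trust the signing CA and keep certificate checking on, then replace unicodePwd over StartTLS. The function names, host, DNs and CA file path are assumptions for illustration, and the bind account is assumed to have the right to reset the user's password.

```php
<?php
// Added example; host, DNs, CA path and credentials are placeholders.

// AD accepts unicodePwd only as the password wrapped in double quotes,
// encoded as UTF-16LE.
function encodeUnicodePwd(string $plain): string
{
    return mb_convert_encoding('"' . $plain . '"', 'UTF-16LE', 'UTF-8');
}

function resetAdPassword(string $host, string $caFile, string $bindDn,
                         string $bindPw, string $userDn, string $newPw): void
{
    // Set TLS options globally (null link) before connecting.
    // DEMAND rejects a certificate that is untrusted or does not match $host,
    // which is the check LDAPTLS_REQCERT=never switches off.
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    $ldap = ldap_connect("ldap://$host:389");
    if ($ldap === false) {
        throw new RuntimeException('Invalid LDAP URI');
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3); // StartTLS needs v3
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

    try {
        // Upgrade to TLS before binding so the bind is not sent in cleartext.
        if (!@ldap_start_tls($ldap)) {
            throw new RuntimeException('StartTLS failed: ' . ldap_error($ldap));
        }
        if (!@ldap_bind($ldap, $bindDn, $bindPw)) {
            throw new RuntimeException('Bind failed: ' . ldap_error($ldap));
        }
        $entry = ['unicodePwd' => [encodeUnicodePwd($newPw)]];
        if (!@ldap_mod_replace($ldap, $userDn, $entry)) {
            throw new RuntimeException('Modify failed: ' . ldap_error($ldap));
        }
    } finally {
        ldap_unbind($ldap);
    }
}

// Example call (constructed values, not from the original post):
// resetAdPassword('dc01.example.test', '/etc/ssl/certs/example-ad-ca.pem',
//     'CN=svc-reset,OU=Service,DC=example,DC=test', getenv('BIND_PW'),
//     'CN=Jane Doe,OU=Staff,DC=example,DC=test', 'N3w-Passw0rd!');
```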