I am having a crazy problem when updating the password of an AD user via the PHP LDAP API.
This is the function (part of a class) I use for updating the password:
function updatePassword($newPassword){ // works only with LDAPS (LDAP WITH SSL/TLS ENCRYPTION)
    // AD expects unicodePwd as the password wrapped in double quotes, encoded as UTF-16LE
    $newPassword = "\"" . $newPassword . "\"";
    $newPassw = "";
    $len = strlen($newPassword);
    for ($i = 0; $i < $len; $i++) {
        // append a NUL byte after every byte (only correct for pure-ASCII passwords);
        // the curly-brace offset syntax $str{$i} was removed in PHP 8, so use $str[$i]
        $newPassw .= $newPassword[$i] . "\000";
    }
    $newPassword = $newPassw;
    //$newPassword = mb_convert_encoding($newPassword, "UTF-16LE");
    $newEntry = array("unicodePwd" => $newPassword);
    $dn = $this->getUserInformation()["distinguishedname"];
    if (ldap_mod_replace($this->connection, $dn, $newEntry)) {
        return true;
    }
    return ldap_error($this->connection);
}
After a user updates his password, the new one is working, but for quite some time the old password is still working too. So the user is able to log in to our web application and also into Windows with his new password, as well as his old password...
Does someone have an idea or know what the problem could be?
Some background information, if someone faces the same problem:
A few days ago I read an article in which the reason for the described behavior was mentioned. It's a Windows AD "feature" that keeps the user's old password valid for one hour after the password is changed.
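As an added example (not code from the question), here is the unicodePwd encoding done with mb_convert_encoding so that non-ASCII passwords survive, next to the byte-per-character loop from the question for comparison, plus a self-service change that sends the old and new value in one modify request via ldap_modify_batch. $conn and $dn are assumptions: an already bound LDAPS connection and the user's distinguished name.

```php
<?php
// Added example, not from the original question.
// Encode a password into the byte string Active Directory expects in unicodePwd:
// the value wrapped in double quotes, then encoded as UTF-16LE. The input is
// assumed to be UTF-8 (e.g. coming from a web form).
function encodeUnicodePwd(string $password): string
{
    return mb_convert_encoding('"' . $password . '"', 'UTF-16LE', 'UTF-8');
}

// The loop from the question, kept for comparison: it appends a NUL after every
// *byte* of the UTF-8 string, which is only correct while the password is ASCII.
function encodeUnicodePwdNaive(string $password): string
{
    $quoted = '"' . $password . '"';
    $out = '';
    for ($i = 0, $len = strlen($quoted); $i < $len; $i++) {
        $out .= $quoted[$i] . "\0";
    }
    return $out;
}

// Self-service change: the caller proves knowledge of the old password by sending
// remove(old) + add(new) for unicodePwd in a single modify request. A plain
// replace (ldap_mod_replace) is treated by AD as an administrative reset and
// needs a privileged bind. $conn: bound LDAPS connection (assumption), $dn: user DN.
function changeOwnPassword($conn, string $dn, string $old, string $new)
{
    $mods = [
        ['attrib' => 'unicodePwd', 'modtype' => LDAP_MODIFY_BATCH_REMOVE,
         'values' => [encodeUnicodePwd($old)]],
        ['attrib' => 'unicodePwd', 'modtype' => LDAP_MODIFY_BATCH_ADD,
         'values' => [encodeUnicodePwd($new)]],
    ];
    if (ldap_modify_batch($conn, $dn, $mods)) {
        return true;
    }
    return ldap_error($conn);
}

// Constructed demonstration: for an ASCII password both encoders agree, for a
// password containing a non-ASCII character the naive loop yields a different
// (and wrong) byte sequence, which AD will reject or store incorrectly.
var_dump(encodeUnicodePwd('abc') === encodeUnicodePwdNaive('abc'));
var_dump(bin2hex(encodeUnicodePwd('Pa55wörd')) === bin2hex(encodeUnicodePwdNaive('Pa55wörd')));
```

Note that the one-hour window in which the old password keeps working is independent of this encoding; it is AD-side behaviour after any password change, so an application that must cut off the old credential immediately has to end its own sessions rather than rely on AD rejecting the old password.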