Monday, May 21, 2018

Summary: Changing a Windows AD Account Password with PHP

1. The password is stored in the AD and LDS database on a user object, in the unicodePwd attribute.

2. The client must have a 128-bit Transport Layer Security (TLS)/Secure Socket Layer (SSL) connection to the server.

3. Set up AD CS and confirm that LDAPS on port 636 is working.

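4. PHP code for encoding and updating the password
// The new password is wrapped in double quotes and converted to UTF-16LE before it is written.
$userdata["unicodePwd"] = iconv("UTF-8", "UTF-16LE", '"' . $new_pass . '"');
// Replace the attribute on the user object; $ldapconn is the bound LDAPS connection from item 6.
ldap_mod_replace($ldapconn, 'CN=user,CN=Users,DC=domain,DC=com', $userdata);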

5. Reference
https://support.microsoft.com/en-us/help/269190/how-to-change-a-windows-active-directory-and-lds-user-password-through

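6. Authentication code
// "allow" lets the session continue even when the server certificate cannot be verified;
// use "demand" with a trusted CA certificate when the certificate must be validated.
putenv('LDAPTLS_REQCERT=allow');

// Connect by host name or by IP address; the second assignment overrides the first.
$ldapurl = "ldaps://domain.local";
$ldapurl = "ldaps://192.168.0.1";

$ldapconn = ldap_connect($ldapurl);

// Use LDAP protocol version 3 and do not follow referrals.
ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);

// Bind (authenticate) with the account's credentials; returns false on failure.
$ldapbind = ldap_bind($ldapconn, "php@domain.local", "p@ssw0rd");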
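
The steps from items 4 and 6 combined into one routine, as an added example that is not the original post's code: it requires a verified server certificate instead of LDAPTLS_REQCERT=allow and checks the result of every LDAP call. The function names, the CA file parameter and the sample password are assumptions made for illustration.

```php
<?php
// Added example. Function names, parameters and the sample password are
// hypothetical; supply your own host name, CA file, DNs and credentials.

// Build the unicodePwd value: the password wrapped in double quotes,
// converted from UTF-8 to UTF-16LE (the encoding step from item 4).
function encode_unicode_pwd(string $password): string
{
    $encoded = @iconv('UTF-8', 'UTF-16LE', '"' . $password . '"');
    if ($encoded === false) {
        throw new InvalidArgumentException('password is not valid UTF-8');
    }
    return $encoded;
}

function change_ad_password(string $uri, string $caFile, string $bindDn,
                            string $bindPw, string $userDn, string $newPw): void
{
    // Require a server certificate that validates against $caFile. These are
    // set before ldap_connect() so they apply to the new connection. Use the
    // host name the certificate was issued for in $uri.
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    $conn = ldap_connect($uri);
    if ($conn === false) {
        throw new RuntimeException("invalid LDAP URI: $uri");
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    try {
        if (!@ldap_bind($conn, $bindDn, $bindPw)) {
            throw new RuntimeException('bind failed: ' . ldap_error($conn));
        }
        $entry = ['unicodePwd' => encode_unicode_pwd($newPw)];
        if (!@ldap_mod_replace($conn, $userDn, $entry)) {
            throw new RuntimeException('update failed: ' . ldap_error($conn));
        }
    } finally {
        ldap_unbind($conn); // always release the connection
    }
}

// Offline check with a constructed password: prints the hex of the quoted
// UTF-16LE value, two bytes per character including the surrounding quotes.
echo bin2hex(encode_unicode_pwd('Ab1!')), PHP_EOL;
```

Only the encoding check at the bottom runs when the file is executed; change_ad_password() is called with a real ldaps:// URI once LDAPS on port 636 is confirmed working (item 3).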
