Solved

PHP ldap_mod_replace throws warning

Posted on 2007-11-19
Last Modified: 2008-10-10
I can connect to the Active Directory server, bind to it and search it and all that, but when I try to use ldap_mod_replace (I am trying to give the users the ability to change their own AD passwords) it throws the following warning:
"Warning: ldap_mod_replace(): Modify: No such object in ..."

I would greatly appreciate any help.

//make the connection//
if(!$ldap_con = ldap_connect($domain_ctr)){ die("Cannot connect"); }
else { echo "<li />Connection successful ..."; }
 
//var_dump( $ldap_con );
if($ldap_bind = ldap_bind($ldap_con, $adm_user."@yponepublishing.local", $adm_pass)){
	//read user file//
	$fp = fopen($user_fl, 'r');
	
	while (($data = fgetcsv($fp, 1000, ",")) !== false) {
		
		//username, repID/
		echo "<li />".count($data);print_r($data);
		if(count($data) == 2){
			//echo "<li />";var_dump($data);
 
			$user_name = $data['0'];
			$new_pass = 'Sales'.$data['1'];
			$attr["unicodePwd"][0] = encodePassword($new_pass);
 
			//Change password/
			if(ldap_mod_replace($ldap_con, "uid=".$user_name.$dc_str, $attr)) {
				echo "<li /> ".$user_name." = Succeded";
			}else { echo "<li />".$user_name." = Failed"; }						
		}//end if 
	}//end while
		
	fclose($fp);
}//end if if($ldap_bind = @ldap_...
 
 
//close connection//
ldap_close($ldap_con);


0
Question by:zzman123
4 Comments
 

Expert Comment

by:MSE-dwells
ID: 20314585
My gut's telling me you have to base64 encode the quoted password string but I haven't got the resources to hand right now to verify that.

I'll look further if time permits and the question remains unresolved ...
0
 

Expert Comment

by:MSE-dwells
ID: 20314684
... there again, now I'm thinking that was a legacy Win2K requirement.

Heh, must stop thinking about this for the moment ... will return later as I said ...
0
 

Author Comment

by:zzman123
ID: 20314854
I think the problem is on the php side and not the AD server itself.
0
 

Accepted Solution

by:
MSE-dwells earned 2000 total points
ID: 20315273
I can't say for certain since my PHP abilities are limited to say the least. I can say, however, that AD won't accept a password over LDAP unless it's LDAPS or LDAP opt 0x96 (LDAP_OPT_ENCRYPT) is in play. In addition, the password value requires specific encoding; UTF-16 or Unicode little-endian I believe. You may want to take a look at this since it references some of the constraints in play on the back-end -

http://support.microsoft.com/default.aspx?scid=kb;EN-US;269190
0
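
The constraints from the accepted answer, in PHP, as an added example that is not code from the thread: it connects over LDAPS, sends unicodePwd as the quoted password in UTF-16LE, and resolves the account's DN by searching on sAMAccountName, since "No such object" is the LDAP result returned when the target DN does not exist. The host, base DN, bind account and all function names are placeholders chosen for illustration, and the input password is assumed to be UTF-8.

```php
<?php
// Added example; host, base DN and account names are placeholders (assumptions).

// unicodePwd must be the password wrapped in double quotes, encoded as UTF-16LE.
function encodeAdPassword(string $plain): string
{
    return mb_convert_encoding('"' . $plain . '"', 'UTF-16LE', 'UTF-8');
}

// Resolve the entry's real DN from its logon name instead of building a DN by hand.
function findUserDn($conn, string $baseDn, string $account): ?string
{
    $filter = '(&(objectClass=user)(sAMAccountName='
        . ldap_escape($account, '', LDAP_ESCAPE_FILTER) . '))';
    $result = ldap_search($conn, $baseDn, $filter, ['sAMAccountName']);
    if ($result === false) {
        return null;
    }
    $entries = ldap_get_entries($conn, $result);
    // Require exactly one match so the password never lands on the wrong entry.
    return ($entries !== false && $entries['count'] === 1) ? $entries[0]['dn'] : null;
}

// Replacing unicodePwd is an administrative reset, so $bindUser needs that right.
function resetAdPassword(string $host, string $bindUser, string $bindPass,
                         string $baseDn, string $account, string $newPass): bool
{
    $conn = ldap_connect('ldaps://' . $host . ':636'); // TLS-protected channel
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    if (!@ldap_bind($conn, $bindUser, $bindPass)) {
        return false;
    }
    $dn = findUserDn($conn, $baseDn, $account);
    $ok = $dn !== null
        && @ldap_mod_replace($conn, $dn, ['unicodePwd' => [encodeAdPassword($newPass)]]);
    if (!$ok) {
        error_log($dn === null ? 'Account not found or ambiguous'
                               : 'Modify failed: ' . ldap_error($conn));
    }
    ldap_unbind($conn);
    return $ok;
}

// Offline check of the encoding on a constructed password (no server needed).
echo bin2hex(encodeAdPassword('Example-Pw1')), PHP_EOL;
```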
