PHP ldap_mod_replace throws warning

Posted on 2007-11-19
Medium Priority
Last Modified: 2008-10-10
I can connect to the Active Directory server, bind to it and search it and all that, but when I try to use ldap_mod_replace (I am trying to give the users the ability to change their own AD passwords) it throws the following warning:
"Warning: ldap_mod_replace(): Modify: No such object in ..."

I would greatly appreciate any help.
// Make the connection ($domain_ctr, $adm_user, $adm_pass, $user_fl and $dc_str are not shown in this snippet)
if (!$ldap_con = ldap_connect($domain_ctr)) { die("Cannot connect"); }
else { echo "<li />Connection successful ..."; }
//var_dump( $ldap_con );
if ($ldap_bind = ldap_bind($ldap_con, $adm_user."@yponepublishing.local", $adm_pass)) {
	// Read the user file: one "username,repID" pair per line
	$fp = fopen($user_fl, 'r');
	while (($data = fgetcsv($fp, 1000, ",")) !== false) {
		echo "<li />".count($data); print_r($data);
		if (count($data) == 2) {
			//echo "<li />";var_dump($data);
			$user_name = $data[0];
			$new_pass = 'Sales'.$data[1];
			$attr = array();
			$attr["unicodePwd"][0] = encodePassword($new_pass); // encodePassword() is not shown in this snippet
			// Change the password; this is the call that raises the warning
			if (ldap_mod_replace($ldap_con, "uid=".$user_name.$dc_str, $attr)) {
				echo "<li /> ".$user_name." = Succeeded";
			} else { echo "<li />".$user_name." = Failed"; }
		} // end if (count($data) == 2)
	} // end while
	fclose($fp);
} // end if ($ldap_bind = ldap_bind(...))
// Close the connection
ldap_close($ldap_con);


Question by:zzman123

Expert Comment

ID: 20314585
My gut's telling me you have to base64 encode the quoted password string but I haven't got the resources to hand right now to verify that.

I'll look further if time permits and the question remains unresolved ...

Expert Comment

ID: 20314684
... there again, now I'm thinking that was a legacy Win2K requirement.

Heh, must stop thinking about this for the moment ... will return later as I said ...

Author Comment

ID: 20314854
I think the problem is on the php side and not the AD server itself.

Accepted Solution

MSE-dwells earned 2000 total points
ID: 20315273
I can't say for certain since my PHP abilities are limited to say the least.  I can say, however, that AD won't accept a password over LDAP unless it's LDAPS or LDAP opt 0x96 (LDAP_OPT_ENCRYPT) is in play.  In addition, the password value requires specific encoding; UTF-16 or unicode little-endian I believe.  You may want to take a look at this since it references some of the constraints in play on the back-end -
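
The two constraints named in the accepted answer (an encrypted session and a quoted UTF-16LE value for unicodePwd), together with a DN lookup so the modify targets an entry that exists, as an added example that is not code from this thread. It assumes the mbstring and ldap extensions and a lookup by sAMAccountName; the host, base DN, account names and function names are placeholders.

```php
<?php
// Added example, not the poster's code. All hosts, DNs and accounts are placeholders.

/** Build the unicodePwd value: the password in double quotes, encoded as UTF-16LE. */
function encode_ad_password(string $plain): string
{
    return mb_convert_encoding('"' . $plain . '"', 'UTF-16LE', 'UTF-8');
}

/** Connect over LDAPS, since the password write needs an encrypted session. */
function connect_ad(string $host, string $bindUser, string $bindPass)
{
    $con = ldap_connect('ldaps://' . $host);
    if ($con === false) {
        return false;
    }
    ldap_set_option($con, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($con, LDAP_OPT_REFERRALS, 0);
    return @ldap_bind($con, $bindUser, $bindPass) ? $con : false;
}

/** Find the user's actual DN by search, then replace unicodePwd on that entry. */
function reset_ad_password($con, string $baseDn, string $account, string $newPass): bool
{
    // Escape the account name so input from the CSV cannot alter the filter.
    $filter = '(&(objectClass=user)(sAMAccountName='
            . ldap_escape($account, '', LDAP_ESCAPE_FILTER) . '))';
    $res = ldap_search($con, $baseDn, $filter, ['dn']);
    if ($res === false || ldap_count_entries($con, $res) !== 1) {
        return false; // no such user, or more than one match
    }
    $dn = ldap_get_dn($con, ldap_first_entry($con, $res));
    $attr = ['unicodePwd' => [encode_ad_password($newPass)]];
    return ldap_mod_replace($con, $dn, $attr);
}

// Offline check of the encoding with a constructed value: prints the UTF-16LE bytes as hex.
echo bin2hex(encode_ad_password('Ab1')), PHP_EOL;

// Usage against a directory (placeholders; commented out so the file runs without a server):
// $con = connect_ad('dc.example.test', 'admin@example.test', getenv('AD_BIND_PASS'));
// var_dump($con && reset_ad_password($con, 'DC=example,DC=test', 'jdoe', 'Constructed-Pass-1'));
```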

