LDAP密码是否使用PHP修改了扩展操作? [英] Do an LDAP Password Modify Extended Operation using PHP?

问题描述

使用PHP，是否可以执行 RFC 3062中指定的LDAP密码修改扩展操作?我正在使用的LDAP目录中的密码哈希方案可能会定期更改，因此我的理解是我无法根据特定方案(例如，{SHA})对新密码进行哈希，因此我需要使用扩展操作并让目录进行哈希处理.那是对的吗? ldap_set_option 的帮助页面建议，但我确定无法在网络上的任何地方找到任何示例代码.也许我只是迷失了我的Google-fu. TIA

Using PHP, is it possible to do an LDAP Password Modify Extended Operation, as specified in RFC 3062? The password hashing scheme in the LDAP directory I am working with may change periodically, so it is my understanding that I can't hash a new password according to a specific scheme, e.g., {SHA}, I need to use an Extended Operation instead and let the directory do the hashing. Is that correct? The help page for ldap_set_option suggests that it might be possible, but I sure can't find any example code anywhere on the web. Maybe I'm just losing my Google-fu. TIA

推荐答案

LDAP客户端绝不能将预编码的密码传输到目录服务器-密码必须始终通过安全连接以明文方式传输，因为现代，专业品质的目录服务器只有在输入明文密码后才能执行密码质量检查和密码历史记录检查.

LDAP clients must never transmit pre-encoded passwords to the directory server - passwords must always be transmitted in the clear over a secure connection because modern, professional-quality directory servers can perform password quality checks and password history checks only when presented with a clear-text password.

如果PHP支持扩展操作和扩展响应，则支持密码修改扩展操作(这需要现有密码，如果不提供新密码，则可以生成密码).我不是PHP专家，但是我相信set_option可以用于控件(附加到操作中)，但是我不知道PHP是否支持LDAP扩展操作.

If PHP supports extended operations and extended responses, then the password modify extended operation (which requires the existing password and can generate a password if no new password is supplied) is supported. I am no PHP expert, but I believe that set_option can be used for controls (which are attached to an operation), but I do not know if PHP supports LDAP extended operations.

这篇关于LDAP密码是否使用PHP修改了扩展操作?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！