使用PHP更改AD密码 [英] Change AD password using PHP

问题描述

我试图远程访问我的广告服务器(用于条目/用户修改)，我使用公共IP使用端口389建立连接，但不允许我在条目中进行修改(能够检索条目).因此，我尝试使用端口636建立连接，但无法使用此端口进行连接. 因此，能否让我知道在636上进行连接需要进行哪些更改，或者如何修改端口389上的Entry(即更改密码(unicodepwd))?

I am trying to access my ad server(for entry/User modification) remotely, I got connection using port 389 with my public IP but it doesn't let me to make modification in entry(able to retrieve entry). So, I try to make connection using port 636 but I am not able to connect using this port. So, can you please let me know what changes do I need to make to connect on 636 or How can I modify Entry(i.e change password(unicodepwd)) on port 389?

谢谢.！

推荐答案

使用PHP，您可以使用LDAP通过SSL连接上的简单绑定来更改AD用户密码.

Using PHP, you can change an AD user password using LDAP with a simple bind on an SSL connexion.

为此，您需要在AD服务器上安装证书.一种简单的方法(不是更具吸引力)是在您的域上安装Microsoft证书服务器(企业安装，请参见如何通过LDAP启用LDAP具有第三方证书颁发机构的SSL ).

For this you need to install a certificate on you AD server. The simple way (not the more attractive) is to install Microsoft Certificate Server on your domain (Enterprise installation see Configuring Microsoft Active Directory for SSL Access) and then to reboot your domain controler. You can also generate a certificate with OpenSSL and install it on the computer (see How to enable LDAP over SSL with a third-party certification authority).

这里是一个LDIF文件的示例，该文件允许在SSL连接上使用其密码创建用户，您将找到我为密码生成base 64字符串的方法:

Here is a sample of an LDIF File that allow to create a user with his password on an SSL connexion, you will find the way I generate the base 64 string for the password :

# Imported with :
# ldifde -i -t 636 -f .\Annuaire3.ldf
# Password generated by ("" must be encoded inside):
# stringconverter.exe \"test.2011\" /unicode /encode
# Connexion then tested with :
# runas /user:jdupont cmd.exe (password is test.2011)

dn: cn=Jean Dupont,OU=MonOU,DC=societe0,DC=fr
changetype: add
objectClass: user
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: Jean Dupont
givenName: Jean
sn: Dupont
mail: jean.Dupont@societe.fr
telephoneNumber: 9999
userAccountControl: 544
sAMaccountName: jdupont
userPrincipalName: jdupont@societe.fr
unicodePwd:: IgB0AGUAcwB0AC4AMgAwADEAMQAiAA==

这篇关于使用PHP更改AD密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！