ldap_mod_replace（）[function.ldap-MOD替换]：修改：服务器是不愿意执行 [英] ldap_mod_replace() [function.ldap-mod-replace]: Modify: Server is unwilling to perform

问题描述

得到一个错误：

  

服务器是不愿意执行

同时，通过PHP改变UNI codePWD公元。但是，我可以搜索，添加，删除和修改用户的任何属性。

使用管理员帐户进行绑定和管理具有完全访问权限更改任何用户的口令。

这里的code我使用：

 ＆LT; PHP
$ DN =CN =维沙尔Makwana，OU =地址簿，DC =例如，DC = COM;
$ AD = ldap_connect（LDAP：//example.com）
      或死亡（无法连接到广告！）;
ldap_set_option（$广告，LDAP_OPT_PROTOCOL_VERSION，3）;
$ BD =的ldap_bind（$的广告，admin@example.com，ADMIN1）;

    如果（$ BD）{
        回声AD成功绑定;
      }
    其他 {
        回声无法绑定AD;;
    }

$用户[UNI codePWD] =asdf1234;

$结果= ldap_mod_replace（$广告，$ DN，$用户）;
如果（$结果）回声用户修改！;其他
             回声有问题！

ldap_unbind（$广告）;
？＆GT;
 

解决方案

有一些事情你需要得到完全正确通过LDAP设定在公元密码。

• 您需要使用SSL连接（LDAPS：//）

• 密码需要用引号引起来

• 的（引用）的密码必须是EN codeD在16位单code（UTF-16LE）

假设你想设置的密码是普通的ASCII字符，单向code转换可以通过ASCII字符串的每个字节后加入\ 000字节来实现，如图的这code样品

所以，你的例子，而不是看起来像：

  $新密码=asdf1234;
。$新密码=\$新密码\;
$ LEN =的strlen（$新密码）;
为（$ i = 0; $ I＆LT; $ len个; $ I ++）。$ newpass ={$新密码{$ I}} \ 000;
$用户[UNI codePWD] = $ newpass;
 

Getting an error:

Server is unwilling to perform

while changing unicodePwd in AD through PHP. However, I'm able to search, add, remove and modify any attributes of the users.

Using Administrator account to bind and admin has full rights to change passwords of any users.

Here's the code I'm using:

<?php
$dn = "CN=Vishal Makwana,OU=Address Book,DC=example,DC=com";
$ad = ldap_connect("ldap://example.com")
      or die("Couldn't connect to AD!");
ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3);
$bd = ldap_bind($ad,"admin@example.com","admin1");

    if($bd) {
        echo "AD bind successfully";  
      }
    else {
        echo "Couldn't bind AD";;
    }

$user["unicodePwd"] = "asdf1234";

$result = ldap_mod_replace($ad, $dn, $user);
if ($result) echo "User modified!"; else
             echo "There was a problem!";

ldap_unbind($ad);
?>

解决方案

There are a number of things you need to get exactly right to set a password in AD via LDAP.

• you need to use an SSL connection (ldaps://)

• the password needs to be enclosed in quotes

• the (quoted) password needs to be encoded in 16-bit unicode (UTF-16LE)

Assuming the password you're trying to set is ordinary ascii characters, the unicode conversion can be accomplished by adding a \000 byte after each byte of the ascii string, as shown in this code sample.

So your example would instead look like:

$newpassword = "asdf1234";
$newpassword = "\"" . $newpassword . "\"";
$len = strlen($newpassword);
for ($i = 0; $i < $len; $i++) $newpass .= "{$newpassword{$i}}\000";
$user["unicodePwd"] = $newpass;

这篇关于ldap_mod_replace（）[function.ldap-MOD替换]：修改：服务器是不愿意执行的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！