Kini aku harus lebih mendekati Nya
whafret's blog -- http://whafret.blogspot.com/
19 February 2007
User password changes with LDAP and PHP

Once you've started using LDAP for authentication, you'll probably want to let your users change their passwords. Since they might not want to, or be able to, log in to a shell and change their password with ldappasswd(1), something more user-friendly would be nice.
I chose PHP, which I have compiled with LDAP support. With Apache serving the page over SSL, the passwords don't have to travel over the wire in plaintext.
Now, users should only be able to change their own passwords, and nothing but the password. This was achieved with this stanza in slapd.conf:

    access to attr=userPassword
        by self write
        by anonymous auth
        by * none

The next step then, is authenticating the user, by doing an ldap bind with his credentials:

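    // $username, $oldpass and $newpass hold the values submitted by the form
    if (isset($username) and isset($newpass) and isset($oldpass)) {
        $ldapconn = ldap_connect("ldap.example.com", 389);
        // Bind as the user; @ suppresses the PHP warning on wrong credentials
        $ldapbind = @ldap_bind($ldapconn, "uid=".$username.",dc=example,dc=com", $oldpass);
        if ($ldapbind) {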

If the bind with the old password succeeds, the user has entered the right username/password combination. To change the passwd we then do:

            print "Change password ";
            // userPassword value: {MD5} followed by the base64 of the raw MD5 digest
            if (ldap_mod_replace($ldapconn, "uid=".$username.",dc=example,dc=com",
                array('userpassword' => "{MD5}".base64_encode(pack("H*", md5($newpass)))))) {
                print "succeeded";
            } else {
                print "failed";
            }
            print ".\n";
        }
    }

Pretty simple, eh?
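
A hardened variant of the same flow, added here as an example and not part of the original post: it escapes the username before building the DN, uses StartTLS for the hop between the web server and the directory, and lets the server hash the new password through the Password Modify extended operation instead of writing an unsalted {MD5} value. The function name change_ldap_password and the form field names are assumptions; ldap_exop_passwd() needs PHP 7.2 or later and a server that supports the operation.

```php
<?php
// Added example, not the original author's code. Host and DN layout are the
// placeholders used in the post; change_ldap_password() is a hypothetical name.
function change_ldap_password(string $username, string $oldpass, string $newpass): bool
{
    // A simple bind with an empty password is an unauthenticated bind, which
    // some servers accept, so reject empty values before talking to LDAP.
    if ($username === '' || $oldpass === '' || $newpass === '') {
        return false;
    }

    // Escape DN metacharacters so input such as "x,ou=admins" cannot alter the DN.
    $dn = 'uid=' . ldap_escape($username, '', LDAP_ESCAPE_DN) . ',dc=example,dc=com';

    $conn = ldap_connect('ldap://ldap.example.com:389');
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3); // StartTLS and exops need LDAPv3
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // Encrypt the web-server-to-directory hop before any password is sent,
    // then bind as the user to prove knowledge of the old password.
    if (!@ldap_start_tls($conn) || !@ldap_bind($conn, $dn, $oldpass)) {
        ldap_unbind($conn);
        return false;
    }

    // Password Modify extended operation (RFC 3062): the server hashes the new
    // password with its configured scheme instead of the client storing {MD5}.
    $ok = @ldap_exop_passwd($conn, $dn, $oldpass, $newpass);
    ldap_unbind($conn);
    return $ok === true;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // filter_input() yields null/false for missing or array-valued fields;
    // the cast turns both into '', which the function rejects.
    $ok = change_ldap_password(
        (string) filter_input(INPUT_POST, 'username'),
        (string) filter_input(INPUT_POST, 'oldpass'),
        (string) filter_input(INPUT_POST, 'newpass')
    );
    print 'Change password ' . ($ok ? 'succeeded' : 'failed') . ".\n";
}
```

The "by self write" rule in the slapd.conf stanza above is what authorizes the extended operation for the bound user, just as it authorizes the direct attribute write.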

Karyl F. Stein has written a much more elaborate PHP LDAP password changer. It used to be located at www.xenos.net/software/phpLdapPasswd/, but the page seems to have been shut down.


posted by Wawan Hendrawan @ 12:38  
 