Friday, March 13, 2009

LDAP integration to change password

Once you have installed and configured LDAP on your Linux server, you will probably need to change users' passwords at some point. One option is to let users log in and change their passwords from the shell.
Managing users from the shell is not always adequate: you may want a way to change passwords without letting users log in to the server. And if you already have a login or registration framework, you will want to integrate LDAP with it.
I chose PHP for the task.
First, allow users to change their own password in the slapd.conf file:

access to attr=userPassword
    by self write
    by anonymous auth
    by * none

The next step is an LDAP bind with the user's credentials for authentication:

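// An empty password would turn the bind into an unauthenticated bind, so reject it
if (isset($username, $newpassword, $oldpassword) && $oldpassword !== '') {
    $ldapconn = ldap_connect("hostname", 389);
    // Use LDAPv3; OpenLDAP refuses LDAPv2 binds by default
    ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
    // Escape the username so it cannot alter the DN; the same DN is used for bind and modify
    $userdn = "uid=" . ldap_escape($username, "", LDAP_ESCAPE_DN) . ",dc=example,dc=com";
    $ldapbind = @ldap_bind($ldapconn, $userdn, $oldpassword);
    if ($ldapbind) {
        // The user gave a correct username and password, so replace the password.
        // {MD5} is an unsalted hash: base64 of the raw 16-byte MD5 digest.
        $hash = "{MD5}" . base64_encode(pack("H*", md5($newpassword)));
        if (ldap_mod_replace($ldapconn, $userdn, array('userpassword' => $hash))) {
            print "Password changed successfully";
        } else {
            print "Failed to change password";
        }
    }
}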
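
A hardened variant of the password change above, as an added example (not the original author's code): it refuses empty passwords, upgrades the connection with StartTLS before binding, escapes the username, and uses the Password Modify extended operation so the server applies its own hashing scheme instead of client-side unsalted MD5. The function name, `LDAP_URI` and `BASE_DN` are assumptions; it assumes PHP 7.2+ with the ldap extension and a server that offers StartTLS.

```php
<?php
// Added example: hostname and base DN are placeholders, as in the post.
const LDAP_URI = 'ldap://hostname:389';
const BASE_DN  = 'dc=example,dc=com';

function change_ldap_password(string $username, string $old, string $new): bool
{
    // An empty password turns a simple bind into an unauthenticated bind,
    // which many servers accept; never treat that as a successful login.
    if ($username === '' || $old === '' || $new === '') {
        return false;
    }

    $conn = ldap_connect(LDAP_URI);
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);

    // Encrypt the session before any password crosses the wire.
    if (!@ldap_start_tls($conn)) {
        ldap_unbind($conn);
        return false;
    }

    // Escape the user-supplied value so it cannot alter the DN structure.
    $dn = 'uid=' . ldap_escape($username, '', LDAP_ESCAPE_DN) . ',' . BASE_DN;

    // Authenticate as the user with the old password.
    if (!@ldap_bind($conn, $dn, $old)) {
        ldap_unbind($conn);
        return false;
    }

    // Password Modify extended operation (RFC 3062): the server stores the
    // new password using its own configured hash scheme.
    $ok = @ldap_exop_passwd($conn, $dn, $old, $new) === true;
    ldap_unbind($conn);
    return $ok;
}
```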

1 comment:

Nasir Ali Shah said...

Assalaam O ALaikum!

I have read your article and it will be very helpful for me. Good work done.