Wednesday, April 30, 2008

At last I was able to change the password using the Windows Ctrl+Alt+Canc (Ctrl+Alt+Del) screen.
chgpwd.php
// Directory server host and the naming context under which entries live.
define('LDAP_SERVER', 'xxxx.xxxx.it');
define('BASE_DN', 'dc=xxxx,dc=it');

// Pieces used to assemble a user's DN: <LDAP_DN>=<uid>,<LDAP_OU>,<BASE_DN>.
define('LDAP_DN', 'uid');
define('LDAP_OU', 'ou=People');

// Container for group entries (not referenced by the code shown on this page).
define('GROUP_DN', 'ou=Groups');

// Status codes returned by ldapUtils methods and by the script itself.
define('AUTH_OK', 0);
define('AUTH_KO', 1);

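/**
 * Minimal LDAP helper used by chgpwd.php to reset a user's Unix and Samba
 * password attributes while bound as the directory administrator.
 */
class ldapUtils
{
    // Last LDAP error captured by _ldapGetLastError() ('errno' / 'error' keys).
    public $lastError = array();
    // LDAP link returned by ldap_connect().
    public $ldapConn;
    // Declared by the original class; not used by the code shown here.
    public $daysLeft;

    /**
     * Replace the password attributes of a user entry.
     *
     * Binds as the administrator, hashes the new password with slappasswd
     * (userpassword) and mkntpwd (Samba LM/NT hashes), then replaces the
     * password attributes and the Samba password timestamps on the entry.
     *
     * @param string $ldapUid     uid of the account; treated as untrusted input
     * @param string $ldapNewPass new clear-text password; treated as untrusted input
     * @return int AUTH_OK on success, AUTH_KO on any failure
     */
    function admin_change_password($ldapUid, $ldapNewPass)
    {
        // Callers read the password with fgets(), which keeps the line
        // terminator; drop it so it is never hashed as part of the password.
        $ldapNewPass = rtrim((string) $ldapNewPass, "\r\n");
        $ldapUid = (string) $ldapUid;
        if ($ldapUid === '' || $ldapNewPass === '') {
            return AUTH_KO;
        }

        /* try to connect to the server */
        // NOTE(review): no TLS is negotiated here, so the administrator bind
        // and the new hashes cross the network in clear text unless
        // LDAP_SERVER is an ldaps:// URI or ldap_start_tls() is added.
        $this->ldapConn = ldap_connect(LDAP_SERVER);
        if (!$this->ldapConn) {
            $this->_ldapGetLastError();
            return AUTH_KO;
        }

        // The protocol version has to be chosen before the bind to apply to it.
        ldap_set_option($this->ldapConn, LDAP_OPT_PROTOCOL_VERSION, 3);

        // Escape the uid for DN context so characters such as ',' '+' or '='
        // cannot redirect the modify operation to a different entry.
        $user_ldaprdn = LDAP_DN . '=' . ldap_escape($ldapUid, '', LDAP_ESCAPE_DN)
            . ',' . LDAP_OU . ',' . BASE_DN;

        // NOTE(review): directory administrator credentials are hard-coded in
        // the script. Anyone who can read this file can rewrite any entry;
        // load them from a root-only file and prefer a dedicated account that
        // may only write the password attributes.
        $admin_ldaprdn = 'uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot';
        $admin_ldappass = 'xxxx'; // associated password

        if (!ldap_bind($this->ldapConn, $admin_ldaprdn, $admin_ldappass)) {
            $this->_ldapGetLastError();
            return AUTH_KO;
        }

        // The password goes through a shell: quote it so shell metacharacters
        // in it are passed to the hashing tools as data, not interpreted.
        // NOTE(review): the clear-text password is still visible in the
        // process list while the helpers run, and escapeshellarg() drops
        // bytes that are invalid in the current LC_CTYPE locale - confirm
        // the locale if non-ASCII passwords are expected.
        $quotedPass = escapeshellarg($ldapNewPass);

        $hashpass = shell_exec('/usr/sbin/slappasswd -s ' . $quotedPass);
        $hashpass = is_string($hashpass) ? trim($hashpass) : '';

        // mkntpwd prints "<LM hash>:<NT hash>" followed by a newline.
        $stringCrypt = shell_exec('/usr/sbin/mkntpwd ' . $quotedPass);
        $sambaPassword = is_string($stringCrypt) ? explode(':', trim($stringCrypt)) : array();

        // Never write empty or partial hashes when a helper fails.
        if ($hashpass === '' || count($sambaPassword) < 2
            || $sambaPassword[0] === '' || $sambaPassword[1] === '') {
            return AUTH_KO;
        }

        $now = time();
        $entry = array(
            'userpassword'       => $hashpass,
            'sambantPassword'    => $sambaPassword[1],
            'sambalmPassword'    => $sambaPassword[0],
            'sambaPwdLastSet'    => (string) $now,
            // Password expires 90 days after the change.
            'sambaPwdMustChange' => (string) ($now + 90 * 86400),
        );

        // The original echoed the result and var_dump()ed $entry here; that
        // printed the LM/NT hashes (password equivalents) to stdout, so the
        // debug output is intentionally gone.
        if (ldap_mod_replace($this->ldapConn, $user_ldaprdn, $entry)) {
            return AUTH_OK;
        }

        $this->_ldapGetLastError();
        return AUTH_KO;
    }

    /**
     * Record the most recent LDAP error in $lastError.
     *
     * The class as posted calls this method without defining it, which is a
     * fatal error on every failure path; this is a minimal implementation.
     */
    function _ldapGetLastError()
    {
        if ($this->ldapConn) {
            $this->lastError = array(
                'errno' => ldap_errno($this->ldapConn),
                'error' => ldap_error($this->ldapConn),
            );
        } else {
            $this->lastError = array(
                'errno' => -1,
                'error' => 'LDAP connection not available',
            );
        }
    }
}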

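// Entry point: chgpwd.php <uid>, with the new password read from stdin.
// Every step is reported to syslog (facility LOCAL0). Clear-text passwords
// must never be written there: log files are widely readable and usually
// forwarded, so only the account name is logged.
openlog("chgpwd.php", LOG_PID, LOG_LOCAL0);

syslog(LOG_WARNING, 'change password ');

if (isset($argv[1])) {
    // Prompt and final "changed" marker are kept byte-for-byte; a calling
    // program may match on them.
    echo "password:";

    $stdin = fopen('php://stdin', 'r');
    $line = ($stdin !== false) ? fgets($stdin) : false;
    if ($stdin !== false) {
        fclose($stdin);
    }
    // fgets() keeps the line terminator; it is not part of the password.
    $newpass = ($line === false) ? '' : rtrim($line, "\r\n");

    syslog(LOG_WARNING, 'change password: ' . $argv[1]);

    if ($newpass === '') {
        // Nothing usable was read; refuse instead of setting an empty password.
        syslog(LOG_WARNING, 'failed to change password: ' . $argv[1] . ' - empty password');
        closelog();
        return AUTH_KO;
    }

    $ldap = new ldapUtils();
    if ($ldap->admin_change_password($argv[1], $newpass) === AUTH_KO) {
        syslog(LOG_WARNING, 'failed to change password: ' . $argv[1]);
        closelog();
        return AUTH_KO;
    }

    syslog(LOG_WARNING, 'password changed');
    closelog();
    echo "changed";
    return AUTH_OK;
}

// No uid argument was supplied (the message means "missing parameters").
syslog(LOG_WARNING, 'mancano i parametri');
closelog();
return AUTH_KO;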


?>