Menu
I have problem about password in Active Directory. I want to get password from "username" of user I tried function "ldap_search", but I do not find correctly attribute for password I tried as: password, userpassword, userPassword, unicodePwd, unicodepwd, but they are not correct.
I look forward to helping of everyone Thanks for all :D trankinhly
285
Passwords in Active Directory are not retrievable. Nor are they in most directories. (eDirectory has a password policy, that if you bind as the specified user, then you can retrieve passwords via LDAP extensions)
Some directories might let you recover the hashed versions, but that is not that great either.
To be cross platform, it is better to try and bind with the values provided and either succeed or fail. Additionally, LDAP says a bind with a blank password is actually an anonymous bind, which will probably succeed, so you need to filter for that case.
Once bound as the user, you could look at their group memberships (since usually they can see their own) or look at some other attribute, which if they can read it, means they have some level of rights. (I.e. Implement authorization as well as authentication).
84
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
