As far as I know, in PHP, we need to connect to LDAP over SSL in order to change a user password.
Is there another way, e.g., another language (Java / ASP), to change an LDAP password without SSL being required?
Thanks.
Update: I get "Warning: ldap_mod_replace() [function.ldap-mod-replace]: Modify: Insufficient access" when I try to modify my own account's password. If I try to change another user's password, I get no error message, but the password still sticks to the old one.
Log in to a domain-connected computer and open the Active Directory Users and Computers console. Find the user account whose password you want to reset. In the right pane, right-click on the user account and select Reset Password. Type the new password and enter it again to confirm.
LDAP passwords are normally stored in the userPassword attribute. RFC4519 specifies that passwords are not stored in encrypted (or hashed) form. This allows a wide range of password-based authentication mechanisms, such as DIGEST-MD5, to be used. This is also the most interoperable storage scheme.
Here is how a user can change their own password:

    [root@ldap ~]# ldappasswd -H ldapi:/// -x -D "uid=testuser,ou=users,dc=tylersguides,dc=com" -W -S uid=testuser,ou=users,dc=tylersguides,dc=com
    New password:
    Re-enter new password:
    Enter LDAP Password:

Notice how you use the DN of the user for the bind DN.
LDAP is used as an authentication protocol for directory services. We use LDAP to authenticate users to on-prem and web applications, NAS devices, and SAMBA file servers.
Many LDAP implementations do indeed require SSL or TLS in order to change/set passwords. This is a requirement set by the LDAP server, not the language used to access it. Changing languages will not permit you to override this particular server requirement.
I understand that there are extenuating circumstances where you may not be able to establish a SSL/TLS connection, but in general, you absolutely want to be encrypting password functions like this - even if the server doesn't require it.
Edit: I bet the answer can be found in the slapd logs. Also worth reviewing the ACLs: OpenLDAP Software 2.4 Administrator's Guide, Section 8. Access Control.
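The point made in the answer above, as an added example that is not part of the original post: a PHP self-service password change that refuses to send any credential unless the connection is encrypted. It assumes PHP 7.2 or later with the ldap extension and a server that supports the Password Modify extended operation (the one ldappasswd uses); the function name, URI, DN and passwords are placeholders.

```php
<?php
declare(strict_types=1);

// Added example: changeOwnPassword() is a hypothetical helper, not a library function.
function changeOwnPassword(string $uri, string $userDn, string $oldPw, string $newPw): void
{
    // Require a valid server certificate before any TLS session is accepted.
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    $ldap = ldap_connect($uri);
    if ($ldap === false) {
        throw new RuntimeException("Invalid LDAP URI: $uri");
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);

    // ldaps:// is encrypted from the start; plain ldap:// must upgrade with
    // StartTLS before the bind, otherwise both passwords travel in clear text.
    if (stripos($uri, 'ldaps://') !== 0 && !@ldap_start_tls($ldap)) {
        throw new RuntimeException(
            'StartTLS failed, refusing to send passwords: ' . ldap_error($ldap)
        );
    }

    // Bind as the user whose password is changing (the user's DN is the bind DN).
    if (!@ldap_bind($ldap, $userDn, $oldPw)) {
        throw new RuntimeException('Bind failed: ' . ldap_error($ldap));
    }

    // Password Modify extended operation; returns true when a new password is supplied.
    // An "Insufficient access" failure here comes from the server's ACLs, not from PHP.
    if (ldap_exop_passwd($ldap, $userDn, $oldPw, $newPw) === false) {
        $error = ldap_error($ldap);
        ldap_unbind($ldap);
        throw new RuntimeException('Password change rejected: ' . $error);
    }

    ldap_unbind($ldap);
}

// Usage with placeholder values (read real passwords from a prompt, not from source):
// changeOwnPassword('ldap://ldap.example.com', 'uid=testuser,ou=users,dc=example,dc=com',
//                   $currentPassword, $newPassword);
```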
The directory stores password values in the userPassword attribute of the user entry. Depending on the access control settings for the server, users may set the value of userPassword in accordance with the password policy you specify, using standard tools, such as ldapmodify for example.
    ldapmodify -h host -p port -D "cn=Directory Manager" -w password
    dn: uid=bjensen,ou=People,dc=example,dc=com
    changetype: modify
    replace: userPassword
    userPassword: ChAnGeMe