Dominic
|
Post subject: Posted: Thu Feb 16, 2006 11:17 am |
|
Joined: Wed May 18, 2005 3:53 pm Posts: 293 Location: UK
|
|
You can ask for any info that you want.
Just need to change the html question from username to whatever field you want to use as authentication.
As long as the data for the answer exists in the Active Directory or another LDAP server, it's up to you.
I used username and password, as it is unique.
But you could ask for the 2nd, 3rd and 5th of the username and do a compare.
As the Active Directory will only allow changes by a privileged user, how you decide how users are identified is up to you.
The best solution would be to use Kerberos credentials as the user is already authenticated to make changes to his/her password.
I cannot remember which images I was using but I will have a look.
jphilbert
|
Post subject: Posted: Thu Feb 16, 2006 12:57 pm |
|
 |
| Just started |
 |
Joined: Thu Feb 16, 2006 3:35 am Posts: 6
|
|
Been having some problems with the script working.
After I customize it for the folder it is in, blah blah.
$ad = "ldaps://192.168.1.10";
$au = "administrator@etan.sttj.k12.vi";
$Pass = "*******";
$dn = "DC=etan,DC=sttj,DC=k12,DC=vi";
Will the dn work? SSL is open.
I have other types of LDAP code that work, a simple AD auth php script.
Dominic
|
Post subject: Posted: Fri Feb 17, 2006 3:27 pm |
|
Joined: Wed May 18, 2005 3:53 pm Posts: 293 Location: UK
|
|
The DN path looks ok
however it is at the root level
The other thing you might want to do is grab the user's DN (this might be where your problem is)
so you can search the root level for a user
use distinguishedname as one search field to find the user.
and grab their DN i.e. CN=test test,OU=Sub OU,OU=Accounts,DC=Server,DC=COM
$ad = "ldaps://192.168.1.10";
$au = "administrator@etan.sttj.k12.vi";
$Pass = "*******";
$dn = "DC=etan,DC=sttj,DC=k12,DC=vi"; //for search
$usersDN = "CN=test test,OU=Sub OU,OU=Accounts,DC=etan,DC=sttj,DC=k12,DC=vi"; //to modify
jphilbert
|
Post subject: Posted: Mon Feb 20, 2006 2:38 am |
|
 |
| Just started |
 |
Joined: Thu Feb 16, 2006 3:35 am Posts: 6
|
Dominic wrote: The DN path looks ok
however it is at the root level
The other thing you might want to do is grab the user's DN (this might be where your problem is)
so you can search the root level for a user
use distinguishedname as one search field to find the user.
and grab their DN i.e. CN=test test,OU=Sub OU,OU=Accounts,DC=Server,DC=COM
$ad = "ldaps://192.168.1.10";
$au = "administrator@etan.sttj.k12.vi";
$Pass = "*******";
$dn = "DC=etan,DC=sttj,DC=k12,DC=vi"; //for search
$usersDN = "CN=test test,OU=Sub OU,OU=Accounts,DC=etan,DC=sttj,DC=k12,DC=vi"; //to modify
I'm having another issue: I can't get LDAP SSL to work, even when I test that LDAP SSL is available with ldp.exe.
Any ideas why it won't bind?
If I take out the "s" in ldap it binds.
AD 2003.
$usersDN = "CN=test test,OU=Sub OU,OU=Accounts,DC=etan,DC=sttj,DC=k12,DC=vi"; //to modify
Where is this - did you change the code?
Dominic
|
Post subject: Posted: Mon Feb 20, 2006 9:47 am |
|
Joined: Wed May 18, 2005 3:53 pm Posts: 293 Location: UK
|
Have you gone through
http://www.apple-scripts.com/forums/viewtopic.php?t=28
You must have an SSL connection or you will get "server cannot do request" or modify.
I take it you are using a Windows Server to host your PHP.
You still need to follow the steps to set up authenticated trust.
jphilbert
|
Post subject: Posted: Mon Feb 20, 2006 3:26 pm |
|
 |
| Just started |
 |
Joined: Thu Feb 16, 2006 3:35 am Posts: 6
|
Dominic wrote: Have you gone through
http://www.apple-scripts.com/forums/viewtopic.php?t=28
You must have an SSL connection or you will get "server cannot do request" or modify.
I take it you are using a Windows Server to host your PHP.
You still need to follow the steps to set up authenticated trust.
I followed that but I don't use OSX or OpenSSL, just PHP and AD.
I am installing and testing OpenSSL; will let you know.
I do connect to AD SSL with the LDAP tool without problems.
Dominic
|
Post subject: Posted: Mon Feb 20, 2006 6:00 pm |
|
Joined: Wed May 18, 2005 3:53 pm Posts: 293 Location: UK
|
Do you get an error when using:
ldaps://IP
but things bar the password work using
ldap://IP
I have not ported the Certificates to 2003 but would imagine it is a straight import.
How you would then configure PHP to use the certificate might take some work.
It might be easier to stick any unix system running apache. An OS like Red Hat, Mandrake, Darwin will have pre-compiled PHP installers to download.
Guest
|
Post subject: Posted: Tue Feb 21, 2006 5:25 am |
|
|
|
Dominic wrote: Do you get an error when using:
ldaps://IP
but things bar the password work using
ldap://IP
I have not ported the Certificates to 2003 but would imagine it is a straight import.
How you would then configure PHP to use the certificate might take some work.
It might be easier to stick any unix system running apache. An OS like Red Hat, Mandrake, Darwin will have pre-compiled PHP installers to download.
I am dicking around with OpenSSL, AD 2003 and PHP; it's possible but I really have to do trial and error.
When I figure it out (and I will) I will share the wealth.
jphilbert
|
Post subject: Posted: Tue Feb 21, 2006 5:27 am |
|
 |
| Just started |
 |
Joined: Thu Feb 16, 2006 3:35 am Posts: 6
|
|
O error only happens when I do ldaps://
Dominic
|
Post subject: Posted: Tue Feb 21, 2006 10:55 am |
|
Joined: Wed May 18, 2005 3:53 pm Posts: 293 Location: UK
|
|
Wait for our Guest to solve the problem or look through the Microsoft / PHP help sheets.
When I last installed PHP on Windows 2003 the config did not seem to have any openssl config folders.
You cannot modify the secure fields in the Active Directory without LDAPS://
Do you have to run 2003 or can you install a Unix OS?
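The flow described in this thread (search from the base DN for the user's DN, then modify that DN, over LDAPS only), as an added PHP example that is not part of the thread or of the forum's script. The host, base DN, account names and the `AD_BIND_PASSWORD` environment variable are constructed placeholders; `unicodePwd` is the Active Directory password attribute. It assumes PHP's ldap and mbstring extensions and a web server that already trusts the CA that issued the domain controller's certificate.

```php
<?php
// Added example; every host, DN and account below is a constructed placeholder.
$ad   = "ldaps://dc01.example.test";        // name must match the DC certificate
$au   = "svc-pwreset@example.test";         // placeholder bind account
$pass = getenv("AD_BIND_PASSWORD") ?: "";   // secret stays out of the source file
$dn   = "DC=example,DC=test";               // for search

// Escape user input so * ( ) \ and NUL cannot rewrite the search filter.
function userFilter(string $username): string {
    $safe = ldap_escape($username, "", LDAP_ESCAPE_FILTER);
    return "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$safe))";
}

// AD takes unicodePwd as the double-quoted password encoded as UTF-16LE.
function adPasswordValue(string $newPassword): string {
    return mb_convert_encoding('"' . $newPassword . '"', "UTF-16LE", "UTF-8");
}

// Search under the base DN and return the DN only for exactly one match.
function findUserDn($conn, string $baseDn, string $username): ?string {
    $result = ldap_search($conn, $baseDn, userFilter($username), ["distinguishedName"]);
    if ($result === false) { return null; }
    $entries = ldap_get_entries($conn, $result);
    return ($entries !== false && $entries["count"] === 1) ? $entries[0]["dn"] : null;
}

function resetPassword(string $ad, string $au, string $pass, string $dn,
                       string $username, string $newPassword): bool {
    // An empty password can make the bind unauthenticated yet still report success.
    if ($pass === "" || strncasecmp($ad, "ldaps://", 8) !== 0) {
        return false;
    }
    $conn = ldap_connect($ad);
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    if (!@ldap_bind($conn, $au, $pass)) {
        error_log("LDAPS bind failed: " . ldap_error($conn));
        return false;
    }
    $usersDN = findUserDn($conn, $dn, $username);   // to modify
    $ok = $usersDN !== null
        && @ldap_mod_replace($conn, $usersDN, ["unicodePwd" => adPasswordValue($newPassword)]);
    ldap_unbind($conn);
    return $ok;
}

echo userFilter("jdoe*)(cn=*"), "\n";   // offline check on constructed hostile input
if ($pass !== "") {                     // touches the directory only when a secret is set
    var_dump(resetPassword($ad, $au, $pass, $dn, "jdoe", "Constructed-Pass-1!"));
}
```

Without `AD_BIND_PASSWORD` set, the script only prints the escaped filter and never contacts a server.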
jphilbert
|
Post subject: Posted: Wed Feb 22, 2006 10:03 pm |
|
 |
| Just started |
 |
Joined: Thu Feb 16, 2006 3:35 am Posts: 6
|
Dominic wrote: Wait for our Guest to solve the problem or look through the Microsoft / PHP help sheets.
When I last installed PHP on Windows 2003 the config did not seem to have any openssl config folders.
You cannot modify the secure fields in the Active Directory without LDAPS://
Do you have to run 2003 or can you install a Unix OS?
I am GUEST (forgot to login when I posted)
I found the PHP stuff for the openssl folders and all the other goodies.
Still no luck. I'd love some insight from you on how to get it to work. It should be able to. My fiddling is not getting the results I am looking for.
Dominic
|
Post subject: Posted: Wed Feb 22, 2006 10:44 pm |
|
Joined: Wed May 18, 2005 3:53 pm Posts: 293 Location: UK
|
|
The first part of the SSL pdf I wrote will hold true for the certificate.
Are you using a separate server for your php webserver or running in the same server as your Active Directory?
I ended sticking on Unix after a couple of hours of trying to get this to work with windows.
I wish you luck, the Certificates had me banging my head for quite a while.
Makes sense when you get it working and look at how the keys for trust work.
One thing that usually catches people out is they create the wrong level. If you are at top level create an enterprise and if you are not it has GOT to be signed by an enterprise level CA certificate.
wadewei
|
Post subject: Re: Change Active Directory Password Posted: Mon Jul 20, 2009 8:11 am |
|
 |
| Just started |
 |
Joined: Mon Jul 20, 2009 8:08 am Posts: 1
Dominic
|
Post subject: Re: Change Active Directory Password Posted: Tue Aug 18, 2009 1:23 pm |
|
Joined: Wed May 18, 2005 3:53 pm Posts: 293 Location: UK
|
wadewei wrote: permission? For???