| Author |
Message |
|
Dominic
|
Post subject: Change Active Directory Password  Posted: Wed Aug 03, 2005 1:34 pm |
|
Joined: Wed May 18, 2005 3:53 pm
Posts: 293
Location: UK
|
|
Download the Zip and extract to your web server
make the changes to the php as layed out in the read me.
This will allow your users to change there Active Directory password online using a secure 128bit ssl conection.
also password policys are still inforced.
You will need to be loged in to download.
please post any problems here.
You do not have the required permissions to view the files attached to this post.
|
|
  |
|
 |
|
Dominic
|
Post subject: error on the finduser.php Posted: Wed Sep 28, 2005 3:42 pm |
|
Joined: Wed May 18, 2005 3:53 pm
Posts: 293
Location: UK
|
error on the finduser.php
change
Code:
$filter = "(cn=$username)";
to
$filter = "(samaccountname=$username)";
Last edited by Dominic on Sat Nov 12, 2005 2:39 pm, edited 2 times in total.
|
|
| |
|
|
|
Guest
|
Post subject: Zip file? Posted: Fri Oct 28, 2005 2:05 pm |
|
|
|
|
Am I being dim or is there no zip file here?
|
|
| |
|
|
|
osxboy
|
Post subject: I am dim Posted: Fri Oct 28, 2005 2:07 pm |
|
 |
| Just started |
 |
Joined: Fri Oct 28, 2005 2:02 pm
Posts: 1
Location: Southampton UK
|
|
Didn't relaise I'd logged out!
Doh!
|
|
| |
|
|
|
colesy
|
Post subject: Posted: Tue Jan 31, 2006 3:42 am |
|
|
| Not quite half way |
 |
Joined: Sat Dec 17, 2005 2:29 am
Posts: 82
|
|
I haven't looked, but I doubt this does it... Is it possible to reset a users password via php? Not change a password, but reset.. Like give permissions to a specific group to be able to reset a certain users password if needed... This would be much better then giving these people access to the server, and only access to reset passwords, rather then messaging me to do a password change.
|
|
| |
|
|
|
Dominic
|
Post subject: Posted: Tue Jan 31, 2006 10:03 am |
|
Joined: Wed May 18, 2005 3:53 pm
Posts: 293
Location: UK
|
|
It would not be difficult to have a group change someone else's password.
When you say reset are you talking about reseting if the account is locked?
or setting the password to what it was first set to.
Users can only ever change there own password much as they can with Kerberos, but this can be modified.
How ever this method will work with or without Kerberos and for any client with a web browser.
Let me know what you are after and i am sure that we can write the code to suit your needs.
|
|
| |
|
|
|
colesy
|
Post subject: Posted: Tue Jan 31, 2006 2:19 pm |
|
|
| Not quite half way |
|
Joined: Sat Dec 17, 2005 2:29 am
Posts: 82
|
|
When I say reset I mean the same as you would if you were in Active Directory and you right click on a user, and select reset password. It asks for the new password, confirm new password, and a checkbox asking if they should be forced to changed the password on first login. That way if a student forgets their password a teacher is able to login and reset the password via a web page.
|
|
| |
|
|
|
Dominic
|
Post subject: Posted: Tue Jan 31, 2006 4:09 pm |
|
Joined: Wed May 18, 2005 3:53 pm
Posts: 293
Location: UK
|
colesy wrote: When I say reset I mean the same as you would if you were in Active Directory and you right click on a user, and select reset password. It asks for the new password, confirm new password, and a checkbox asking if they should be forced to changed the password on first login. That way if a student forgets their password a teacher is able to login and reset the password via a web page.
That would be easy.
You can set a group to replace the password with a new password regardless of what the old password was.
If you want me to write the PHP for this let me know.
|
|
| |
|
|
|
colesy
|
Post subject: Posted: Tue Jan 31, 2006 4:21 pm |
|
|
| Not quite half way |
|
Joined: Sat Dec 17, 2005 2:29 am
Posts: 82
|
|
That would be awesome if you could!
|
|
| |
|
|
|
Dominic
|
Post subject: Password Posted: Wed Feb 01, 2006 12:26 pm |
|
Joined: Wed May 18, 2005 3:53 pm
Posts: 293
Location: UK
|
here you go
this will allow anyone to change the password for any user
use the restrict setting in your web server to only allow groups or users to access this
change the following in userchange
$dn = "OU / DN Path i.e OU=Account,DC=server,DC=com";
$ad = "ldaps://IP of Server";
$au = "admin@domain"; // administrator username @ domain i.e admin@server.com
$Pass = "Admin Password";
let me know if thats what you were after
You do not have the required permissions to view the files attached to this post.
|
|
| |
|
|
|
colesy
|
Post subject: Posted: Wed Feb 01, 2006 6:44 pm |
|
|
| Not quite half way |
|
Joined: Sat Dec 17, 2005 2:29 am
Posts: 82
|
|
Trying this out now.. but getting Could not connect error.. So I am not making it very far.. This is the settings I have:
$dn = "OU=Students,OU=Users,OU=HCSS,OU=Schools,DC=alcdsb,DC=on,DC=ca";
$ad = "ldaps://10.22.35.4";
$au = "user@alcdsb.on.ca";
$Pass = "password";
I am assuming my OU's are the path to the container where the user accounts I want to edit are.. I was told I need to put it in backwards, which I did..
Also, I see that I have to specify $au, and $Pass. This is the user account that has permissions to reset passwords right? If so, can I use variables in that field? Basically I would make a user input their username in password to authenticate, then they specify the username of the user that needs their password reset, then put in the password.. How would we integrate the option to force user to change password on next login.
Thanks agian!
|
|
| |
|
|
|
Dominic
|
Post subject: Posted: Thu Feb 02, 2006 10:01 am |
|
Joined: Wed May 18, 2005 3:53 pm
Posts: 293
Location: UK
|
The user is a admin
admin@HCSS.Schools.alcdsb.on.ca
adminpass
the $dn = LDAP path to users.
This will allow anyone who can run this script to reset the password of anyuser. (because it uses admin)
You still need a SSL conection to the AD as you are running LDAPS.
the username and password page is for the user who's password you want to chnage.
|
|
| |
|
|
|
colesy
|
Post subject: Posted: Mon Feb 13, 2006 12:25 am |
|
|
| Not quite half way |
|
Joined: Sat Dec 17, 2005 2:29 am
Posts: 82
|
|
Would there be away to create a page to have someone login.. Check to see if they have authenticated, then check to make sure they are part of a specific group. If not do not allow them access to change the password.. If they are then let them change the password..
Once they have authenticated, and have passed the group check, then allow them to enter the info to change a user's password..
I have some other features I would like to implement as well.. Like user search, and pull the full name of the user to verify the username is actually the user you want to change. I should be able to code this myself once I get the main part working..
|
|
| |
|
|
|
Dominic
|
Post subject: Posted: Tue Feb 14, 2006 2:03 pm |
|
Joined: Wed May 18, 2005 3:53 pm
Posts: 293
Location: UK
|
colesy wrote: Would there be away to create a page to have someone login.. Check to see if they have authenticated, then check to make sure they are part of a specific group. If not do not allow them access to change the password.. If they are then let them change the password..
Once they have authenticated, and have passed the group check, then allow them to enter the info to change a user's password..
I have some other features I would like to implement as well.. Like user search, and pull the full name of the user to verify the username is actually the user you want to change. I should be able to code this myself once I get the main part working..
Should not be difficult to code.
As soon as I get some free time we can code out what you are after.
the LDAP lookup will me memberof
so if ($someone == $i have done a search to find groups) then ok; else do nothing;
|
|
| |
|
|
|
jphilbert
|
Post subject: Posted: Thu Feb 16, 2006 4:06 am |
|
|
| Just started |
|
Joined: Thu Feb 16, 2006 3:35 am
Posts: 6
|
|
I new to this but would there be a way to... hmm make it possible to add a question like "Your last four numbers in your SS#"
to the notes section of AD and answers.
So users can reset there owe account if there needed to.??
Understand?
FYI: Zipping the Images would be real nice. Or you can send to me private.
You do not have the required permissions to view the files attached to this post.
Last edited by jphilbert on Thu Feb 16, 2006 1:18 pm, edited 1 time in total.
|
|
| |
|
|
|
