Is there an app/script I can deploy to enable my users to change their own LDAP passwords?
I've recently enabled LDAP based authentication on my domain. This has allowed us to use a single set of credentials to administer the blog, the forum and the wiki.
Unfortunately, this has come at the cost of users being able to change their own passwords.
Ideally, users would be able to visit a page (i.e. mydomain.com/account), authenticate and then change their password.
Does anyone know of a script or app that will allow me to do this quickly and easily? I guess it wouldn't be hard to write in PHP, but I'd prefer not to have the hassle.
3 Comments
As the original site of phpLdapPasswd is down and Karyl discontinued development, I added a separate github project: github.com/koppor/phpLdapPasswd
Over on Serverfault, Tim pointed me towards a script called phpLdapPassword.
It took about 5 minutes to configure and also provides password reset capabilities.
The only potential problem is that the author is no longer maintaining it.
This page seems to show how to do it:
Once you've started using LDAP for authentication, you'll probably want to let your users change their passwords. Since they might not want to/be able to do a shell login, and change their password with ldappasswd(1), something else, and more user friendly would be nice.
I chose using PHP, which I have compiled with LDAP support. Using Apache with SSL support, the passwords didn't have to travel over the wire in plaintext.
Now, users should only be able to change their own passwords, and nothing but the password. This was achieved with this stanza in slapd.conf:
access to attr=userPassword
    by self write
    by anonymous auth
    by * none
The next step then, is authenticating the user, by doing an ldap bind with his credentials:
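<?php
// The original relied on register_globals; read the form fields explicitly.
// The field names are assumed to match the variable names used below.
$username = $_POST['username'] ?? null;
$oldpass  = $_POST['oldpass'] ?? null;
$newpass  = $_POST['newpass'] ?? null;

if (isset($username) and isset($newpass) and isset($oldpass)) {
    $ldapconn = ldap_connect("ldap.example.com", 389);
    // Authenticate the user by binding with the old password.
    $ldapbind = @ldap_bind($ldapconn, "uid=".$username.",dc=example,dc=com", $oldpass);
    if ($ldapbind) {
        // If the bind with the old password succeeds, the user has entered the
        // right username/password combination. To change the passwd we then do:
        print "<p>Change password ";
        if (ldap_mod_replace($ldapconn, "uid=".$username.",dc=example,dc=com",
            array('userpassword' => "{MD5}".base64_encode(pack("H*", md5($newpass)))))) {
            print "succeeded";
        }
        else {
            print "failed";
        }
        print ".</p>\n";
    }
}
?>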
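A hardened variant of the script above, as an added example that is not part of the original comment or the page it quotes: it rejects empty passwords (which some servers accept as an unauthenticated bind), escapes the username before building the DN, requires StartTLS on the web-server-to-LDAP connection, and lets the server hash the new password through the Password Modify extended operation instead of storing unsalted MD5. Assumptions: PHP 7.2 or later for ldap_exop_passwd(), a directory server that supports that operation, and form fields named username, oldpass and newpass; the host and DN layout are the page's own placeholders.

```php
<?php
// Added example, not the quoted page's code. Form field names are assumptions.
function change_ldap_password(string $username, string $oldpass, string $newpass): bool
{
    // An empty password turns ldap_bind() into an unauthenticated bind, which
    // can succeed without proving identity, so reject it before binding.
    if ($username === '' || $oldpass === '' || $newpass === '') {
        return false;
    }

    // Escape DN metacharacters such as , + = and \ so the submitted username
    // cannot change which entry the DN points at.
    $dn = 'uid=' . ldap_escape($username, '', LDAP_ESCAPE_DN) . ',dc=example,dc=com';

    $conn = ldap_connect('ldap://ldap.example.com:389');
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // HTTPS only protects browser-to-Apache; encrypt the LDAP hop too and
    // refuse to send credentials if TLS cannot be negotiated.
    if (!@ldap_start_tls($conn)) {
        return false;
    }

    // Binding as the user proves knowledge of the old password.
    if (!@ldap_bind($conn, $dn, $oldpass)) {
        return false;
    }

    // Password Modify extended operation: the server applies its own
    // configured hash scheme, so no client-side {MD5} value is written.
    $ok = ldap_exop_passwd($conn, $dn, $oldpass, $newpass) === true;
    ldap_unbind($conn);
    return $ok;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // filter_input() yields null/false for missing or array-valued fields;
    // the cast turns both into '' so they are rejected above.
    $ok = change_ldap_password(
        (string) filter_input(INPUT_POST, 'username'),
        (string) filter_input(INPUT_POST, 'oldpass'),
        (string) filter_input(INPUT_POST, 'newpass')
    );
    print '<p>Change password ' . ($ok ? 'succeeded' : 'failed') . ".</p>\n";
}
```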