I'm trying to change user ldap passwords

heres the code

$ds = ldap_connect(LDAP_HOST, LDAP_PORT);
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
$bind = ldap_bind($ds, 'uid={admin},'.LDAP_BASEDN, '{admin password}');
$userpassword = "{SHA}" . base64_encode(sha1( '{password}', TRUE ));
$userdata = array("userPassword" => $userpassword);
$result = ldap_mod_replace($ds, 'uid={user},'.LDAP_BASEDN, $userdata);

$result returns true
i can even see the userpassword field change when i view the entry

but when i try to bind again using the new password it doesn't work, and the old password still works

running mac server 10.4

Member Avatar


ldap mod replace: see the comments on the php page: http://www.php.net/manual/en/function.ldap-mod-replace.php

Using this function to 'replace' an Active Directory password requires the "Reset Password" security permission as opposed to the "Change Password" permission (which is assigned by default to SELF)