ID: 27060
Comment by: paca at sci dot fi
Reported By: chris dot brown at arlington dot k12 dot va dot us
Status: Open
Bug Type: Feature/Change Request
Operating System: NA
PHP Version: Irrelevant
New Comment:
Thanks Chris for this very important patch.
Maintainers, please check this in to PHP 4.x and 5.x ASAP.
Or even better, add support for importing/exporting LDIF files. It
would be nice also... That feature could be used for this and
other things.
Previous Comments:
------------------------------------------------------------------------
[2004-01-27 11:11:38] chris dot brown at arlington dot k12 dot va dot
us
Description:
------------
/*
----------------------------------------------------------------------
January 27, 2004
This is code I wrote to add to ldap.c under PHP 4.2.1.
The code was originally written May of 2002
I was asked to submit it as a feature request to the maintainers
of the php_ldap module.
The code allows users to change Novell NDS passwords and Novell
Simple passwords via the eDirectory 8 LDAP interface.
The code allows for both user and admin password changes. If the
"old" password is not supplied, it assumes that the user must
have admin rights to change the password.
The trick to changing the NDS password via LDAP as a user is that
you have to delete the old value and add the new value in the
same transaction.
REF:
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2953444.htm
REF:
http://support.novell.com/cgi-bin/search/searchtid.cgi?/10066348.htm
Chris Brown
Arlington Public Schools
1426 North Quincy Street
Arlington, VA. 22207
[EMAIL PROTECTED]
----------------------------------------------------------------------
*/
Reproduce code:
---------------
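/* OID of the Novell SimplePassword server-side LDAP control. */
#define LDAP_CONTROL_SIMPLEPASSWORD "2.16.840.1.113719.1.27.101.5"

/* {{{ proto bool ldap_edir_user_password_change(resource link, string dn, string oldpassword, string newpassword)
   Change the Novell Simple password and the NDS password of dn over an
   existing LDAP link.

   link        - LDAP link resource to run the modifications on.
   dn          - entry whose userPassword is changed.
   oldpassword - current password; an empty string selects the "admin"
                 path, which sends no old value at all.
   newpassword - password to set.

   Returns TRUE when the NDS password modification succeeds, FALSE (with an
   E_WARNING) otherwise. Only the result of that last modification is
   reported; see the notes in the body. */
PHP_FUNCTION(ldap_edir_user_password_change)
{
	pval **link, **dn, **oldpassword, **newpassword;
	char *ldap_dn;
	ldap_linkdata *ld;
	char *oldValues[2], *newValues[2];
	LDAPMod oldPass, newPass;
	LDAPMod *simple_mods[2];
	LDAPMod *nds_mods[3];
	LDAPControl simplePassword_control;
	LDAPControl *ldap_controls[2];
	int err;

	if (ZEND_NUM_ARGS() != 4 || zend_get_parameters_ex(4, &link, &dn, &oldpassword, &newpassword) == FAILURE) {
		WRONG_PARAM_COUNT;
	}

	/* Both passwords must already be strings; no silent conversion of
	 * arrays, objects or numbers into a credential. */
	if (Z_TYPE_PP(oldpassword) != IS_STRING) {
		php_error(E_WARNING, "LDAP: Expected String in thrid element");
		RETURN_FALSE;
	}
	if (Z_TYPE_PP(newpassword) != IS_STRING) {
		php_error(E_WARNING, "LDAP: Expected String in forth element");
		RETURN_FALSE;
	}

	ZEND_FETCH_RESOURCE(ld, ldap_linkdata *, link, -1, "ldap link", le_link);

	convert_to_string_ex(dn);
	convert_to_string_ex(oldpassword);
	convert_to_string_ex(newpassword);
	ldap_dn = Z_STRVAL_PP(dn);

	/* NOTE(review): the passwords are passed as NUL-terminated char*
	 * values, so anything after an embedded NUL byte in the PHP string is
	 * not sent. They also travel as plain userPassword values inside the
	 * modify request; confirm the link is protected (LDAPS/StartTLS). */
	oldValues[0] = Z_STRVAL_PP(oldpassword);
	oldValues[1] = NULL;
	newValues[0] = Z_STRVAL_PP(newpassword);
	newValues[1] = NULL;

	oldPass.mod_op = LDAP_MOD_DELETE;
	oldPass.mod_type = "userPassword";
	oldPass.mod_values = oldValues;

	newPass.mod_op = LDAP_MOD_ADD;
	newPass.mod_type = "userPassword";
	newPass.mod_values = newValues;

	/* Set up the SimplePassword server-side LDAP control (critical, no value). */
	simplePassword_control.ldctl_oid = LDAP_CONTROL_SIMPLEPASSWORD;
	simplePassword_control.ldctl_iscritical = 1;
	simplePassword_control.ldctl_value.bv_val = NULL;
	simplePassword_control.ldctl_value.bv_len = 0;
	ldap_controls[0] = &simplePassword_control;
	ldap_controls[1] = NULL;

	/* Step 1: Simple password. Both the admin and the user path send the
	 * same request here: add the new value under the SimplePassword control.
	 *
	 * NOTE(review): the result of this call is discarded, as in the original
	 * code, so a failed Simple password change is never reported. On the
	 * user path it also runs before the old password has been checked by
	 * the NDS modification below, so the two passwords can end up out of
	 * sync when step 2 fails. Confirm whether that ordering is intended. */
	simple_mods[0] = &newPass;
	simple_mods[1] = NULL;
	(void) ldap_modify_ext_s(ld->link, ldap_dn, simple_mods, ldap_controls, NULL);

	/* Step 2: NDS password. */
	if (strlen(oldValues[0]) == 0) {
		/* Admin change: no old value is sent, so only the server's access
		 * control on the bound identity decides whether this is allowed. */
		nds_mods[0] = &newPass;
		nds_mods[1] = NULL;
		nds_mods[2] = NULL;
	} else {
		/* User change: delete the old value and add the new one in the
		 * same modify request. */
		nds_mods[0] = &oldPass;
		nds_mods[1] = &newPass;
		nds_mods[2] = NULL;
	}
	err = ldap_modify_ext_s(ld->link, ldap_dn, nds_mods, NULL, NULL);

	if (err == LDAP_SUCCESS) {
		RETVAL_TRUE;
	} else {
		/* Pass the server-derived text as an argument, never as the format
		 * string, and let php_error do the formatting instead of a
		 * fixed-size sprintf() buffer. */
		php_error(E_WARNING, "LDAP: ERROR %d: %s", err, ldap_err2string(err));
		RETVAL_FALSE;
	}
}
/* }}} */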
------------------------------------------------------------------------