How to connect a PHP LDAP script to Windows AD using an SSL connection?

4

I have this PHP LDAP code to change a password in Active Directory:

<?php

$usuario="xxx";
$senha_atual="0000";
$senha_nova="11111";
$pessoas="casa.cafe.br";
$servidor="1.1.1.1";
$porta=389;
$portas=636;
$base="CN=$usuario,CN=Users,DC=casa,DC=cafe,DC=br";
$rdn=$usuario."@".$pessoas;

$con = @ldap_connect("ldap://".$servidor, $portas) or die("Erro na conexao ao servidor {$servidor}");
if ($con) {

    ldap_set_option($con, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($con, LDAP_OPT_REFERRALS, 0);

    $bind = ldap_bind($con, $rdn, $senha_atual);
    echo "Passou do ldap_bind($con, $usuario."@".$pessoas, $senha_atual);";
    // verify binding
    if ($bind) {

            $userdata["mail"] = "[email protected]";
            $userdata["unicodepwd"] = iconv( 'UTF-8', 'UTF-16LE', "\"".$senha_nova."\"" );

            echo "<pre>";
            var_dump($userdata);
            echo "</pre>";

            $rs = ldap_modify($con, $base, $userdata);

            echo "<br><br>";
            ldap_get_option($con,LDAP_OPT_ERROR_STRING,$error);
            echo $error;
            echo "<br><br>";

            if ($rs) {

                  $msg="Senha foi atualizada com sucesso!";

              }else{

                  $msg="Ocorreu um erro ao trocar a senha! Contate o Administrador.";

              }

    } else {

         $msg="Usuario inexistente ou senha incorreta! Tente novamente.";

    }
}
?>

When I try to change the user password it shows the following message:

  Warning: ldap_modify (): Modify: Server is unwilling to perform in

Using the code:

ldap_get_option($con,LDAP_OPT_ERROR_STRING,$error);

echo $error;

It shows this message:

  

0000001F: SvcErr: DSID-031A129B, problem 5003 (WILL_NOT_PERFORM), date 0

While researching, I found solutions saying that changing the password requires an SSL connection between PHP and Windows AD. How can I configure PHP on my local machine running XAMPP and Windows AD so that they can connect via SSL?

Note: Using XAMPP with PHP Version 7.1.1 (local machine) and Windows Server 2012 (network server).

    
asked by anonymous 05.05.2017 / 18:44

1 answer

3

Friend, first SSL must be configured on your LDAP server. Once this is done, there are 2 details to notice: ldap:// gets an S at the end, ldaps://... And the certificate must also be on the client side; configure its path as an environment variable! Doing this works :)

<?php

putenv('LDAPTLS_CACERT=./ca.pem'); // path to your CERTIFICATE
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);

// THE LINES ABOVE MUST GO BEFORE YOUR ldap_connect()

$l = ldap_connect("ldaps://ldap/"); // NOTE THE LDAPS
ldap_set_option($l, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_bind($l, "cn=SeuCN,dc=SeuDC", "xxxxxxx");
echo(ldap_error($l)."\n");
$s = ldap_search($l, "dc=SeuDC", "uid=test");
echo(ldap_count_entries($l, $s)."\n");
?>
    
08.05.2017 / 14:31
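The following is an added example, not part of the original question or answer: it combines the answer's `ldaps://` and `LDAPTLS_CACERT` setup with the question's `unicodePwd` update, requiring certificate validation and never printing the passwords. It goes beyond the page in one respect: Active Directory treats a delete-old/add-new pair on `unicodePwd` as a user changing their own password, while a plain replace is a reset that needs reset rights. The function names, host name, DN and CA path are placeholders, and it assumes PHP's LDAP extension is built against OpenLDAP.

```php
<?php
// Added example, not from the original posts. All names and paths are placeholders.

// AD expects unicodePwd as the double-quoted password encoded in UTF-16LE.
function adEncodePassword(string $plain): string
{
    return iconv('UTF-8', 'UTF-16LE', '"' . $plain . '"');
}

function adChangeOwnPassword(string $host, string $caFile, string $upn,
                             string $userDn, string $old, string $new): void
{
    // Trust anchor and certificate policy must be set before ldap_connect().
    putenv('LDAPTLS_CACERT=' . $caFile);
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    // ldaps:// on 636; the TLS handshake itself happens on the first request (the bind).
    $con = ldap_connect('ldaps://' . $host . ':636');
    if ($con === false) {
        throw new RuntimeException('Invalid LDAP URI');
    }
    ldap_set_option($con, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($con, LDAP_OPT_REFERRALS, 0);

    if (!@ldap_bind($con, $upn, $old)) {
        throw new RuntimeException('Bind failed: ' . ldap_error($con));
    }

    // Password change: remove the old value and add the new one in a single request.
    $mods = [
        ['attrib' => 'unicodePwd', 'modtype' => LDAP_MODIFY_BATCH_REMOVE,
         'values' => [adEncodePassword($old)]],
        ['attrib' => 'unicodePwd', 'modtype' => LDAP_MODIFY_BATCH_ADD,
         'values' => [adEncodePassword($new)]],
    ];
    if (!@ldap_modify_batch($con, $userDn, $mods)) {
        ldap_get_option($con, LDAP_OPT_ERROR_STRING, $detail);
        throw new RuntimeException('Change failed: ' . ldap_error($con) . ' ' . $detail);
    }
    ldap_unbind($con);
}

// Usage (placeholder values):
// adChangeOwnPassword('dc01.example.test', 'C:/certs/ca.pem', 'user@example.test',
//     'CN=user,CN=Users,DC=example,DC=test', $oldPassword, $newPassword);
```

The host passed in must match a name in the domain controller's certificate, otherwise the bind fails under `LDAP_OPT_X_TLS_DEMAND`.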