-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathldap.php.j2
119 lines (100 loc) · 3.57 KB
/
ldap.php.j2
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
<?php
$server = "{{ ldap_server_domain }}";
//Change if needed
$port = 636; //port = 389;
$dn = "{{ ldap_base_dn }}";
$message = array();
function changePassword($server,$dn,$user,$oldPassword,$newPassword,$newPasswordCnf,$port){
global $message;
$con="";
if ($port==389)
$con=ldap_connect($server, $port) or die("Could not connect to {$server}");
else{
putenv('LDAPTLS_REQCERT=never');
ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
$con=ldap_connect('ldaps://'.$server, $port) or die("Could not connect to {$server}");
}
if ($con === false){
$message[] = "Error E025 - Unable to connect to ldap.";
return false;
}
ldap_set_option($con, LDAP_OPT_PROTOCOL_VERSION, 3);
$findWhere = $dn;
$findFilter = "(uid=$user)";
#bind anon and find user by uid
if ( ($sr = ldap_search($con,$dn,$findFilter)) === false) {
$message[] = "Error E050 - User not found.";
return false;
}
$records = ldap_get_entries($con, $sr);
/* error if found more than one user */
if ($records["count"] != "1") {
$message[] = "Error E100 - Wrong user.";
return false;
}else {
$message[] = "Found user <b>".$records[0]["cn"][0]."</b>";
}
/* try to bind as that user */
if (ldap_bind($con, $records[0]["dn"], $oldPassword) === false) {
$message[] = "Error E104 - Current password is wrong.";
return false;
}
if ($newPassword != $newPasswordCnf ) {
$message[] = "Error E101 - New passwords do not match! ";
return false;
}
/* change the password finally */
$entry = array();
$entry["userPassword"] = "{SHA}" . base64_encode( pack( "H*", sha1( $newPassword ) ) );
if (ldap_modify($con,$records[0]["dn"],$entry) === false){
$message[] = "E200 - Your password cannot be change, please contact the administrator.";
}
else {
$message[] = " Your password has been changed. ";
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Change your password</title>
<style type="text/css">
body { font-family: Verdana,Arial,Courier New; font-size: 0.7em; }
input:focus { background-color: #eee; border-color: red; }
th { text-align: right; padding: 0.8em; }
#container { text-align: center; width: 500px; margin: 5% auto; }
ul { text-align: left; list-style-type: square; }
.msg { margin: 0 auto; text-align: center; color: navy; border-top: 1px solid red; border-bottom:
1px solid red; }
</style>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
</head>
<body>
<div id="container">
<h2> Change your LDAP password </h2>
<ul>
<li> Your new password must be 8 characters long and contain at least one letter and one digit.
</li>
</ul>
<form method="post">
<table style="width: 400px; margin: 0 auto;">
<tr><th>Username:</th><td><input name="username" type="text" size="20" autocomplete="off"
/></td></tr>
<tr><th>Old password:</th><td><input name="oldPassword" type="password" /></td></tr>
<tr><th>New password:</th><td><input name="newPassword1" type="password" /></td></tr>
<tr><th>New password (confirm):</th><td><input name="newPassword2" type="password" /></td></tr>
<tr><td colspan="2" style="text-align: center;" ><input name="submitted" type="submit"
value="Change Password"/></td></tr>
</table>
</form>
<div class="msg">
<?php
if (isset($_POST["submitted"])) {
changePassword($server,$dn,$_POST["username"],$_POST["oldPassword"],$_POST["newPassword1"],$_POST["newPassword2"],$port);
foreach ( $message as $one ) { echo "<p>$one</p>"; }
}
?>
</div>
</div>
</body></html>