LDAP: modifying user information and preventing duplicates
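Below is my code for a user modifying their own password. This form works flawlessly. Now the problem here is that I want the user to be able to change their email, phone, or even their name. I use an admin account so it has privileges to search up everyone in LDAP and retrieve all information about everyone. Now the problem is I don't want users inserting duplicates, so if a person with email [email protected] already exists in LDAP then the user shouldn't be allowed to enter this email. Same goes for name and email. I am not sure how to do this search for duplicates. I am assuming it uses ldap_search and ldap_get_entries, but I am new to programming with LDAP so I need some programming assistance on how to go about this. If I can see an example, or someone can show me an example with perhaps preventing name duplicates and an LDAP search with admin privileges, then I can go on from there and do the rest on my own, but I am just really stuck with the code part and not the logic. I can't find too many examples out there on documentation of LDAP and its integration and functionality with PHP, or any code snippets, so I am stuck trying things from the PHP manual.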
PHP:
<?php
function changePassword($server,$dn,$user,$oldPassword,$newPassword,$newPasswordCnf){
    global $message;
    error_reporting(0);
    $con=ldap_connect($server);
    ldap_set_option($con, LDAP_OPT_PROTOCOL_VERSION, 3);
    $findWhat = array ("cn","mail","*");
    $findWhere = $dn;
    // Escape the submitted uid so characters such as * ( ) \ cannot alter the filter
    $findFilter = "(uid=" . ldap_escape($user, "", LDAP_ESCAPE_FILTER) . ")";
    #bind anon and find user by uid
    $sr = ldap_search($con,$dn,$findFilter,$findWhat);
    if ($sr === false) {
        // A failed search is reported the same way as "no such user"
        $message[] = "Error E100 - Wrong user.";
        return false;
    }
    $records = ldap_get_entries($con, $sr);
    // echo "<pre>";print_r($records);
    /* error if found more than one user */
    if ($records["count"] != "1") {
        $message[] = "Error E100 - Wrong user.";
        return false;
    }else {
        // cn comes from the directory and is printed into the page, so HTML-encode it
        $message[] = "Found user <b>".htmlspecialchars($records[0]["cn"][0], ENT_QUOTES, "UTF-8")."</b>";
    }
    /* try to bind as that user */
    // An empty password makes ldap_bind() an unauthenticated bind, which many
    // servers accept, so it must not count as a correct current password
    if ($oldPassword === "" || ldap_bind($con, $records[0]["dn"], $oldPassword) === false) {
        $message[] = "Error E104 - Current password is wrong.";
        return false;
    }
    else { echo"TEST";
        // Debug output: prints the whole entry, userPassword included, into the page
        $sr = ldap_search($con,$dn,$findFilter,$findWhat);
        $records = ldap_get_entries($con, $sr);
        echo "<pre>";print_r($records);
    }
    if ($newPassword != $newPasswordCnf ) {
        $message[] = "Error E101 - New passwords do not match! ";
        return false;
    }
    if (strlen($newPassword) < 8 ) {
        $message[] = "Error E102 - Your new password is too short! ";
        return false;
    }
    if (!preg_match("/[0-9]/",$newPassword)) {
        $message[] = "Error E103 - Your password must contain at least one digit. ";
        return false;
    }
    if (!preg_match("/[a-zA-Z]/",$newPassword)) {
        $message[] = "Error E103 - Your password must contain at least one letter. ";
        return false;
    }
    $entry = array();
    // {SHA} stores an unsalted SHA-1 digest of the password
    $entry["userPassword"] = "{SHA}" . base64_encode( pack( "H*", sha1( $newPassword ) ) );
    if (ldap_modify($con,$records[0]["dn"],$entry) === false){
        $message[] = "E200 - Your password cannot be changed, please contact the administrator.";
        return false;
    }
    else {
        $message[] = " Your password has been changed. ";
        //mail($records[0]["mail"][0],"Password change notice : ".$user,"Your password has just been changed.");
        return true;
    }
}
?>
HTML:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Change your password</title>
<style type="text/css">
body { font-family: Verdana,Arial,Courier New; font-size: 0.7em; }
input:focus { background-color: #eee; border-color: red; }
th { text-align: right; padding: 0.8em; }
#container { text-align: center; width: 500px; margin: 5% auto; }
ul { text-align: left; list-style-type: square; }
.msg { margin: 0 auto; text-align: center; color: navy; border-top: 1px solid red; border-bottom: 1px solid red; }
</style>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
</head>
<body>
<div id="container">
<h2> Change your LDAP password </h2>
<ul>
<li> Your new password must be 8 characters long and contain at least one letter and one digit. </li>
</ul>
<form method="post">
<table style="width: 400px; margin: 0 auto;">
<tr><th>Username:</th><td><input name="username" type="text" size="20" autocomplete="off" /></td></tr>
<tr><th>Old password:</th><td><input name="oldPassword" type="password" /></td></tr>
<tr><th>New password:</th><td><input name="newPassword1" type="password" /></td></tr>
<tr><th>New password (confirm):</th><td><input name="newPassword2" type="password" /></td></tr>
<tr><td colspan="2" style="text-align: center;" ><input name="submitted" type="submit" value="Login"/></td></tr>
</table>
</form>
<div class="msg">
<?php
if (isset($_POST["submitted"])) {
$rdn = sprintf($dn,$_POST["username"]);
changePassword($server,$dn,$_POST["username"],$_POST["oldPassword"],$_POST["newPassword1"],$_POST["newPassword2"]);
foreach ( $message as $one ) { echo "<p>$one</p>"; }
}
?>
</div>
</div>
</body></html>
Comments (2)
OpenLDAP has a 'uniqueness' overlay designed for exactly this. You load it via slapd.conf and configure which attributes you require to be unique.
LDAP doesn't support unique constraints on fields except for the distinguished name. You can search on those fields and use an OR condition to do it in one query, but you will not be 100% protected. Two people could submit the same values at the same time and the timing could be just right that duplicates could occur. Here's a filter example that will search on name or email.
If you get a hit you have a possible duplicate.
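The duplicate search described in the comment above, written out as an added example (not code from the original thread or from either commenter). The attribute names `cn` and `mail`, the helper names `buildDuplicateFilter` and `findDuplicates`, and the sample values are assumptions; it requires PHP's ldap extension.

```php
<?php
// Added example, not code from the thread. The attribute names, base DN and
// sample values below are assumptions chosen for illustration.

// Build "(|(attr=value)...)" with each value escaped for filter context, so
// user input containing * ( ) \ cannot change the meaning of the filter.
function buildDuplicateFilter(array $candidates): string
{
    if (!$candidates) {
        throw new InvalidArgumentException("No attributes to check");
    }
    $parts = [];
    foreach ($candidates as $attr => $value) {
        if (!preg_match('/^[A-Za-z][A-Za-z0-9-]*$/', $attr)) {
            throw new InvalidArgumentException("Bad attribute name: $attr");
        }
        $parts[] = "($attr=" . ldap_escape($value, "", LDAP_ESCAPE_FILTER) . ")";
    }
    return "(|" . implode("", $parts) . ")";
}

// Return the DNs of other entries that already hold one of the candidate
// values. $con must already be bound with an account allowed to search.
function findDuplicates($con, string $baseDn, array $candidates, string $selfDn): array
{
    // "1.1" requests no attributes: only the DN of each match is needed.
    $sr = ldap_search($con, $baseDn, buildDuplicateFilter($candidates), ["1.1"]);
    if ($sr === false) {
        throw new RuntimeException("Search failed: " . ldap_error($con));
    }
    $entries = ldap_get_entries($con, $sr);
    $hits = [];
    for ($i = 0; $i < $entries["count"]; $i++) {
        // The user's own entry keeping its current value is not a duplicate.
        if (strcasecmp($entries[$i]["dn"], $selfDn) !== 0) {
            $hits[] = $entries[$i]["dn"];
        }
    }
    return $hits;
}

// Constructed input: the mail value tries to widen the filter with a wildcard.
echo buildDuplicateFilter(["cn" => "Jane Doe", "mail" => "*)(uid=*"]), "\n";

// In the update handler, before ldap_modify() (hypothetical variables):
// if (findDuplicates($con, $dn, ["mail" => $newMail], $userDn)) { /* reject */ }
```

The search is advisory only: as the comment notes, two simultaneous submissions can both pass it, so server-side enforcement such as the uniqueness overlay mentioned in the first comment is what closes that race.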