Here is a sample of an LDIF File that allow to create a user with his password on an SSL connexion, you will find the way I generate the base 64 string for the password :
# Imported with :
# ldifde -i -t 636 -f .\Annuaire3.ldf
# Password generated by ("" must be encoded inside):
# stringconverter.exe \"test.2011\" /unicode /encode
# Connexion then tested with :
# runas /user:jdupont cmd.exe (password is test.2011)
dn: cn=Jean Dupont,OU=MonOU,DC=societe0,DC=fr
changetype: add
objectClass: user
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: Jean Dupont
givenName: Jean
sn: Dupont
mail: [email protected]
telephoneNumber: 9999
userAccountControl: 544
sAMaccountName: jdupont
userPrincipalName: [email protected]
unicodePwd:: IgB0AGUAcwB0AC4AMgAwADEAMQAiAA==
发布评论
评论(1)
使用 PHP,您可以使用 LDAP 通过 SSL 连接上的简单绑定来更改 AD 用户密码。
为此,您需要在 AD 服务器上安装证书。简单的方法(不是更有吸引力)是在您的域上安装 Microsoft 证书服务器(企业安装请参阅 配置 Microsoft Active Directory 以进行 SSL 访问),然后重新启动域控制器。您还可以使用 OpenSSL 生成证书并将其安装在计算机上(请参阅如何通过具有第三方证书颁发机构的 SSL)。
以下是 LDIF 文件的示例,该文件允许在 SSL 连接上使用其密码创建用户,您将找到我生成密码的基本 64 字符串的方法:
Using PHP, you can change an AD user password using LDAP with a simple bind on an SSL connexion.
For this you need to install a certificate on you AD server. The simple way (not the more attractive) is to install Microsoft Certificate Server on your domain (Enterprise installation see Configuring Microsoft Active Directory for SSL Access) and then to reboot your domain controler. You can also generate a certificate with OpenSSL and install it on the computer (see How to enable LDAP over SSL with a third-party certification authority).
Here is a sample of an LDIF File that allow to create a user with his password on an SSL connexion, you will find the way I generate the base 64 string for the password :