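/**
 * Change the current user's directory password by piping an LDIF
 * "delete old unicodePwd / add new unicodePwd" modification into the
 * ldapmodify command-line tool.
 *
 * The bind password is passed to ldapmodify through a temporary file (-y)
 * rather than on the command line. Every value interpolated into the
 * command is quoted with escapeshellarg(), so a DN containing quotes or
 * shell metacharacters cannot alter the command.
 *
 * @param string $newPwd The new clear-text password.
 *
 * @return array Two elements: the ldapmodify exit status (-1 when the
 *               command could not be prepared or started) and the text
 *               captured from its stderr (or a short failure reason).
 */
public function changePwd($newPwd)
{
    // Look up the caller's DN using their own credentials.
    $ldapObj = new Lucid_LDAP($this->configFile);
    $ldapObj->bind($this->username, $this->password);
    list(, $dn) = $ldapObj->searchUser($this->username, array("sAMAccountName"));
    $ldapObj->destroy();

    $this->loggerObj->log("Changing password for {$this->username}");

    // adifyPw() is defined elsewhere; presumably it yields the encoding
    // the directory expects for unicodePwd -- confirm against its definition.
    $oldPwdEnc = base64_encode(adifyPw($this->password));
    $newPwdEnc = base64_encode(adifyPw($newPwd));

    // tempnam() creates the file with mode 0600, so only this process's
    // user can read the bind password while ldapmodify runs.
    $tmpName = tempnam(getConfig("tmpPath"), "ldap-");
    if ($tmpName === false) {
        $this->loggerObj->log("Unable to create temporary file for the ldapmodify bind password");
        return array(-1, "Unable to create temporary password file");
    }

    try {
        if (file_put_contents($tmpName, $this->password) === false) {
            $this->loggerObj->log("Unable to write temporary file for the ldapmodify bind password");
            return array(-1, "Unable to write temporary password file");
        }

        // Quote each argument individually. escapeshellcmd() on the whole
        // string leaves *paired* quotes untouched, so a DN containing two
        // single quotes could previously break out of the '...' wrapper
        // and inject extra ldapmodify arguments.
        // NOTE(review): escapeshellarg() is locale-sensitive and can drop
        // multibyte bytes under a non-UTF-8 LC_CTYPE; confirm the locale
        // if DNs may contain non-ASCII characters.
        $cmd = "ldapmodify -H " . escapeshellarg($ldapObj->url)
            . " -D " . escapeshellarg($dn)
            . " -x -y " . escapeshellarg($tmpName);

        $descriptorspec = array(
            0 => array("pipe", "r"),
            1 => array("pipe", "w"),
            2 => array("pipe", "w"),
        );
        $child = proc_open($cmd, $descriptorspec, $pipes);
        if (!is_resource($child)) {
            // Without this guard the pipe writes below would operate on
            // an undefined $pipes array.
            $this->loggerObj->log("Unable to start ldapmodify");
            return array(-1, "Unable to start ldapmodify");
        }

        // NOTE(review): $dn is written into the LDIF verbatim. A DN with
        // non-ASCII characters or an embedded line break would need the
        // base64 "dn::" form to stay a single, well-formed LDIF line.
        $ldif_file = array(
            "dn: {$dn}",
            "changetype: modify",
            "delete: unicodePwd",
            "unicodePwd:: {$oldPwdEnc}",
            "-",
            "add: unicodePwd",
            "unicodePwd:: {$newPwdEnc}",
            "-",
        );
        fwrite($pipes[0], implode("\n", $ldif_file) . "\n");
        fclose($pipes[0]); // EOF on stdin lets ldapmodify finish

        $output1 = stream_get_contents($pipes[1]);
        $output2 = stream_get_contents($pipes[2]);
        fclose($pipes[1]);
        fclose($pipes[2]);
        $status = proc_close($child);

        $this->loggerObj->log("LDAPModify exited with status: {$status}");
        $this->loggerObj->log("LDAPModify Output: {$output1}\n {$output2}");

        return array($status, $output2);
    } finally {
        // Always remove the password file, including when writing to it
        // or starting the child process failed part-way through.
        if (is_file($tmpName)) {
            unlink($tmpName);
        }
    }
}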
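/**
 * Create a new user entry in the directory and optionally add it to groups.
 *
 * @param string $fn      Given name.
 * @param string $ln      Surname.
 * @param string $mn      Middle name; skipped when empty.
 * @param string $uname   Account name, used for sAMAccountName, cn and the
 *                        local part of the mail attribute.
 * @param string $pwd     Initial clear-text password.
 * @param mixed  $groups  Groups to add the user to; skipped when empty.
 * @param string $phType  "home" or "mobile"; any other value stores no phone.
 * @param string $ph      Phone number stored under the attribute chosen by $phType.
 * @param string $domain  Mail domain appended to $uname.
 *
 * @return mixed Whatever Lucid_LDAP::addEntry() returns.
 */
public function createUser($fn, $ln, $mn, $uname, $pwd, $groups, $phType, $ph, $domain)
{
    $ldapObj = new Lucid_LDAP($this->configFile);
    $fullName = "{$fn} {$ln}";

    // Use sAMAccountName in commonName
    $newEntry = array(
        'givenName' => $fn,
        'sn' => $ln,
        'cn' => $uname,
        'name' => $fullName,
        'displayName' => $fullName,
        'objectClass' => array("top", "person", "organizationalPerson", "user"),
        'objectCategory' => "CN=Person,CN=Schema,CN=Configuration," . $ldapObj->basedn,
        'sAMAccountName' => $uname,
        'mail' => "{$uname}@{$domain}",
        'userAccountControl' => 512, // 0x200: normal, enabled account
        'unicodePwd' => adifyPw($pwd),
    );

    if (!empty($mn)) {
        $newEntry['middleName'] = $mn;
    }

    if ($phType === "home") {
        $newEntry['homePhone'] = $ph;
    } elseif ($phType === "mobile") {
        $newEntry['mobile'] = $ph;
    }

    // The DN for the new user.
    // Escape only the RDN *value*. Passing the whole "cn=...," string to
    // ldap_escape() also escapes the "=" and "," separators (and, with no
    // flags, every character), which yields a malformed DN. LDAP_ESCAPE_DN
    // escapes just the characters that are special inside a DN value, so
    // a user name containing "," or "+" cannot add or change RDN components.
    $dn = "cn=" . ldap_escape($uname, "", LDAP_ESCAPE_DN) . "," . $ldapObj->createUserDn;

    try {
        $ldapObj->bind($this->username, $this->password);
        $status = $ldapObj->addEntry($dn, $newEntry);

        if (!empty($groups)) {
            $this->addUserToGroups($ldapObj, $dn, $groups);
        }

        // NOTE(review): this audit line and the group step above run
        // without inspecting $status, so a failed addEntry() is still
        // recorded as a success -- confirm addEntry()'s failure signal
        // and gate both on it.
        $this->loggerObj->log("ADMIN::info::{$this->username} has successfully created User {$uname} successfully");
    } finally {
        // Release the connection even if bind/add/group membership throws.
        $ldapObj->destroy();
    }

    return $status;
}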