Home

Results 1 to 3 of 3

Thread: Setting the password using php's ldap library fails, why?

  1. #1
    Join Date
    Sep 2018
    Posts
    2

    Question Setting the password using php's ldap library fails, why?

    I'm running into issues setting the user's password via PHP's ldap library. Specifically, the ldap_mod_replace function.

    I'm using userPassword as the attribute.

    The php code looks something like:

    PHP Code:
     ldap_mod_replace $server_connnection $user_entry_dn , ['userPassword' => 'password'] ); 
    PHP Code:
    ldap_error($server_connection); 
    returns "Constraint violation".

    All the other attributes can be modified just fine. The bind user is an admin, so permissions should not be an issue.

    Does anyone have a solution to this? Or at least know why PHP can't make the change?

    Thanks!

  2. #2
    Join Date
    Sep 2018
    Posts
    2

    Re: Setting the password using php's ldap library fails, why

    In this case, I tried making the test value longer, and it started working. So for anyone stumbling across this, check that the value of the password meets the password requirements configured in eDirectory.

  3. #3

    Re: Setting the password using php's ldap library fails, why?

    On 09/25/2018 01:14 PM, reagand wrote:
    >
    > In this case, I tried making the test value longer, and it started
    > working. So for anyone stumbling across this, check that the value of
    > the password meets the password requirements configured in eDirectory.


    If you add more logging on the PHP side you should see that NMAS is
    probably sending back a -16xx or -16xxx code in the diagnostic message
    field (https://tools.ietf.org/html/rfc4511#section-4.1.9) telling you
    exactly what is wrong. The admin is not able to violate policy (length,
    character complexity requirements, etc.) but they do not need to abide by
    password history, so if an admin ever cannot set a password, it is likely
    because of password length or complexity or something.

    Another option: set the password via iManager, or Apache Directory Studio,
    just to rule in/out your PHP code.

    --
    Good luck.

    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below.

    If you want to send me a private message, please let me know in the
    forum as I do not use the web interface often.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •