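How to use PHP to let users change their own LDAP and SAMBA passwords
01. The password change is carried out by two files. The first file asks the user for the LDAP server name, user name, old password and new password, and uses JavaScript to check that the input is correct before it is submitted.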
<script language="javascript" type="text/javascript">
function validate_form (form) {
    var flag = true;
    if (form.ip.value == "" || form.id.value == "" || form.op.value == "" || form.np.value == "" || form.vp.value == "") {
        alert("One or more field is empty.");
        flag = false;
    }
    if (form.np.value != form.vp.value) {
        alert("New password is invalid.");
        flag = false;
    }
    return flag;
}
</script>
<form id="ldap" name="ldap" method="post" action="ldap_pwd_chg.php" onsubmit="return validate_form(this)">
    <p class="title_text">LDAP password modifier:</p>
    <p class="content_text">LDAP server IP: <input type="text" name="ip" id="ip" class="content_text" value="127.0.0.1"/></p>
    <p class="content_text">Enter your LDAP login ID: <input type="text" name="id" id="id" class="content_text"/></p>
    <p class="content_text">Enter current password: <input type="password" name="op" id="op" class="content_text"/></p>
    <p class="content_text">Enter new password: <input type="password" name="np" id="np" class="content_text"/></p>
    <p class="content_text">Re-type your new password: <input type="password" name="vp" id="vp" class="content_text"/></p>
    <p class="content_text">
        <input type="submit" name="submit" id="submit" value="Submit" class="content_text" />
        <input type="reset" name="reset" id="reset" value="Reset" class="content_text" />
    </p>
</form>
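02. After the user enters the data, the form posts to ldap_pwd_chg.php, which performs the password change.
03. The program prepares the new LDAP password value: the MD5 digest of the password, encoded with base64_encode and prefixed with {MD5}.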
$ldappwd=array('userpassword' => "{MD5}".base64_encode(pack("H*",md5($_POST["np"]))));
04. Hashing the new SAMBA password relies on the mkntpwd program, so it must already be installed on the system.
function createSambaPasswords($password) {
    $MKNTPWD = "/usr/local/bin/mkntpwd";
    $SAMBANTATTR = "sambaNTPassword";
    $SAMBALMATTR = "sambaLMPassword";
    $sambaPass = array("sambaLMPassword" => NULL, "sambaNTPassword" => NULL);
    if (!(@file_exists($MKNTPWD) && is_executable($MKNTPWD))) {
        echo '<p class="remark_text">Missing MKNTPWD ...</p>';
    }
    // Quote the password so shell metacharacters in it cannot alter the command.
    $sambaPassCommand = $MKNTPWD . " " . escapeshellarg($password);
    // The output is parsed as: LM hash, ':', NT hash.
    if ($sambaPassCommandOutput = shell_exec($sambaPassCommand)) {
        $sambaPass[$SAMBALMATTR] = trim(substr($sambaPassCommandOutput, 0, strpos($sambaPassCommandOutput, ':')));
        $sambaPass[$SAMBANTATTR] = trim(substr($sambaPassCommandOutput, strpos($sambaPassCommandOutput, ':') + 1));
    } else {
        echo '<p class="remark_text">MKNTPWD cannot make NTHashes for Samba ...</p>';
    }
    return $sambaPass;
}
$sambapwd = createSambaPasswords($_POST["np"]);
05. Once the new LDAP and SAMBA password values are prepared, the program connects to the LDAP server.
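// Form fields posted by the first file.
$ip = $_POST["ip"];
$id = $_POST["id"];
$op = $_POST["op"];
$result = false;
$ds = @ldap_connect($ip);
if ($ds) {
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    echo '<p class="content_text">Connection result is '.$ds.'</p>';
    // Escape the login ID before echoing it back into the page.
    echo '<p class="content_text">Binding with '.htmlspecialchars($id, ENT_QUOTES, 'UTF-8').' ...</p>';
    $result = @ldap_bind($ds, $id, $op);
} else {
    echo '<p class="remark_text">Error: cannot connect to LDAP server.</p>';
}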
06. After a successful connection, the user's LDAP and SAMBA passwords are changed.
if ($result) {
    echo '<p class="content_text">Bind result is '.$result.'</p>';
    echo '<p class="content_text">Change password ...</p>';
    if (ldap_mod_replace($ds, $id, $ldappwd)) {
        echo '<p class="remark_text">LDAP password change, succeeded ...</p>';
    } else {
        echo '<p class="remark_text">LDAP password change, failed ...</p>';
    }
    if (ldap_mod_replace($ds, $id, $sambapwd)) {
        echo '<p class="remark_text">SAMBA password change, succeeded ...</p>';
    } else {
        echo '<p class="remark_text">SAMBA password change, failed ...</p>';
    }
} else {
    echo '<p class="remark_text">Error: invalid login id or password.</p>';
}
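An added example, not part of the original post: steps 03 and 04 done without the external mkntpwd call, re-checking the form fields on the server and building a salted {SSHA} userPassword value in place of {MD5}, plus the NT hash (MD4 of the UTF-16LE password), in PHP. It assumes the directory accepts {SSHA} values, the mbstring extension is loaded and the input is UTF-8; the function names and the sample $post array are constructed for illustration, and the LM hash is left out.

```php
<?php
// Added example (not the original author's code): build the values for
// userPassword and sambaNTPassword in PHP, without calling mkntpwd.

// Re-check on the server what the JavaScript checked in the browser.
function checkFields(array $post): array {
    $errors = [];
    foreach (['ip', 'id', 'op', 'np', 'vp'] as $f) {
        if (!isset($post[$f]) || !is_string($post[$f]) || $post[$f] === '') {
            $errors[] = "Field '$f' is empty.";
        }
    }
    if (!$errors && !hash_equals($post['np'], $post['vp'])) {
        $errors[] = 'New password is invalid.';
    }
    return $errors;
}

// Salted SHA-1 in the {SSHA} scheme: base64(sha1(password . salt) . salt).
function sshaPassword(string $password): string {
    $salt = random_bytes(8);
    return '{SSHA}' . base64_encode(sha1($password . $salt, true) . $salt);
}

// NT hash: MD4 over the UTF-16LE password, as uppercase hex.
function ntHash(string $password): string {
    $utf16 = mb_convert_encoding($password, 'UTF-16LE', 'UTF-8');
    return strtoupper(hash('md4', $utf16));
}

// Constructed sample input standing in for $_POST.
$post = ['ip' => '127.0.0.1', 'id' => 'uid=alice,ou=People,dc=example,dc=com',
         'op' => 'old-secret', 'np' => 'password', 'vp' => 'password'];

$errors = checkFields($post);
if ($errors) {
    echo implode("\n", $errors), "\n";
    exit(1);
}
// Same array shapes that the post passes to ldap_mod_replace().
$ldappwd  = ['userPassword' => sshaPassword($post['np'])];
$sambapwd = ['sambaNTPassword' => ntHash($post['np'])];
echo $ldappwd['userPassword'], "\n";
echo $sambapwd['sambaNTPassword'], "\n";
```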