ldap_mod_replace

(PHP 4, PHP 5, PHP 7, PHP 8)

ldap_mod_replaceЗаменить значения атрибутов на новые

Описание

ldap_mod_replace(
    LDAP\Connection $ldap,
    string $dn,
    array $entry,
    ?array $controls = null
): bool

Заменяет один или более атрибутов из указанного dn. Также её можно использовать для удаления или добавления атрибутов.

Список параметров

ldap

Экземпляр LDAP\Connection, который возвращает функция ldap_connect().

dn

Отличительное имя LDAP-объекта.

entry

Ассоциативный массив со списком заменяемых атрибутов. Если задать пустой массив, то атрибут будет удалён. Если какой либо атрибут отсутствует, то он будет добавлен.

controls

Массив управляющих констант LDAP для отправки в запросе.

Возвращаемые значения

Возвращает true в случае успешного выполнения или false в случае возникновения ошибки.

Список изменений

Версия Описание
8.1.0 Параметр ldap теперь ожидает экземпляр LDAP\Connection; ранее ожидался ресурс (resource) ldap link .
8.0.0 controls теперь допускает значение null; ранее значение по умолчанию было [].
7.3.0 Добавлена поддержка параметра controls

Примечания

Замечание: Эта функция безопасна для обработки данных в двоичной форме.

Смотрите также

  • ldap_mod_replace_ext() - Заменить значения атрибута на новые
  • ldap_mod_del() - Удалить значения атрибута из текущих атрибутов
  • ldap_mod_add() - Добавить значения атрибута к текущим атрибутам
  • ldap_modify_batch() - Формирования и запуск пакетного изменения записи LDAP

add a note add a note

User Contributed Notes 14 notes

up
12
chris at mr2madness dot com
17 years ago
You can use arrays for multiple attributes example:

<?php
$entry
[mail] = array("example@example.com","example2@example.com");
$results = ldap_mod_add($ldapConnID,$dn, $entry);
?>
or as i did for creating anew user:
<?php
$adduserAD
["objectClass"] = array("top","person","organizationalPerson","user");
?>
up
2
mike dot rosile at interzonegames dot com
17 years ago
Here is some great information from the OpenLDAP FAQs regarding changing a userPassword attribute with PHP:

http://www.openldap.org/faq/data/cache/347.html

$userpassword = "{SHA}" . base64_encode( pack( "H*", sha1( $pass ) ) );
up
1
Anonymous
12 years ago
this can not be used to change a password on an AD server that requires you to send the old and new password.

in order to do this use on shuts an sever make an admin-account that allows to change other ppl pw without suppling the old password first.
up
1
JoshuaStarr at aelana dot com
23 years ago
To modify an attribute with a single value:
  $entry[mail] = "newmail@aelana.com";
  $results = ldap_mod_add($ldapConnID,$dn, $entry);

To modify an attribute with multiple values:
  $entry[mail][] = "newmail@aelana.com";
  $entry[mail][] = "altnewmail@aelana.com";
  $results = ldap_mod_add($ldapConnID,$dn, $entry);

To modify multiple attributes
  $entry[mail][] = "newmail@aelana.com";
  $entry[mail][] = "altnewmail@aelana.com";
  $entry[c]      = "US";
  $results = ldap_mod_add($ldapConnID,$dn, $entry);
up
1
frederic dot jacquot at insa-lyon dot fr
20 years ago
Changing a user password in Active Directory.
Securely connect (using ldaps) to the Active Directory and bind using an administrator account.

In this example, $userDn contains the dn of the user I want to modify, and $ad is the Active Directory ldaps connection)

$newPassword = "MyPassword";
$newPassword = "\"" . $newPassword . "\"";
$len = strlen($newPassword);
for ($i = 0; $i < $len; $i++)
        $newPassw .= "{$newPassword{$i}}\000";
$newPassword = $newPassw;
$userdata["unicodepwd"] = $newPassword;
$result = ldap_mod_replace($ad, $userDn, $userdata);
if ($result) echo "User modified!" ;
else echo "There was a problem!";

I found it hard to get a proper encoding for the unicodepwd attribute so this piece of code might help you ;-)
up
1
ondrej at sury dot cz
22 years ago
in openldap 2.0.x you can use method with mod_del/mod_add only if the attribute have defined EQUALITY rule.
up
0
dynamik
11 years ago
Using this function to 'replace' an Active Directory password requires the "Reset Password" security permission as opposed to the "Change Password" permission (which is assigned by default to SELF)
up
0
oyvindmo at initio dot no
24 years ago
ldap_mod_replace() and ldap_modify() are _exactly_ the same.  So, the comment that ldap_mod_replace() "performs the modification at the attribute level as opposed to the object level", has no root in reality.
up
-1
aaronfulton at softhome dot net
18 years ago
Before you modify values in your ldap directory, first make sure that you have permission to do so.  In openldap adding the following acl in slap.conf will allow the user to modify their own userpassword.

access to attr=userPassword
        by self write
        by anonymous auth
        by * none
up
-1
yife at myrice-ltd dot com
24 years ago
if i want to replace the special attribute but i don't replace other attribute ,i just use "ldap_mod_del" and "ldap_mod_add" ,the function seems to that
up
-2
erwann at zeflip dot com
18 years ago
If you do not wish to set up SSL on your active directory, and you are running on Windows, you can use COM and ADSI to set the new password for a user, or to active a user:

<?PHP
// to set a user password
  // server is the ldap server
  // newuser_dn is the full dn of the user you want to modify
  // newuser_password is the password you wish to set for the user

   
$ADSI = new COM("LDAP:");
   
$user = $ADSI->OpenDSObject("LDAP://".$server."/".$newuser_dn, $adminuser, $adminpassword, 1);
   
$user->SetPassword($newuser_password);
   
$user->SetInfo();

// to activate a user
   
$ADSI = new COM("LDAP:");
   
$user = $ADSI->OpenDSObject("LDAP://".$server."/".$newuser_dn, $adminuser, $adminpassword, 1);
   
$user->AccountDisabled = false;
   
$user->SetInfo();

?>
up
-1
plex909
16 years ago
Here's an easy way to encode AD "unicodepwd" values from linux...

Download and install recode...
http://www.gnu.org/software/recode/recode.html

Then write something like this...
<?php
function ADUnicodePwdValue($plain_txt_value)
{
    return
str_replace("\n", "", shell_exec("echo -n '\"" . $plain_txt_value . "\"' | recode latin1..utf-16le/base64"));
}

$user["unicodepwd"] = ADUnicodePwdValue("my_password");

?>

[EDITOR thiago NOTE: The following text was sent by boyvanderlaak at gmail dot com as an important complement]

if you do not have access to your linux box but have Multibyte String enabled you could try the following for AD 2008:

<?php
$info
["unicodePwd"] = mb_convert_encoding('"' . $newPassword . '"', 'utf-16le');
?>
up
-2
Anonymous
22 years ago
Sometime,we cannot replace ldap_mod_replace  function  with ldap_mod_del function and ldap_mod_add fuction .We  don't have permission to delete an attribute but  we can replace it.
up
-2
giodev at panozzo dot it
4 years ago
An bettter method to create the unicodePwd Active Directory LDAP field from PHP is:

$unicodePwd = iconv("UTF-8", "UTF-16LE", "\"".$password."\"");

It works when $password is coming from a UTF-8 page. If your $password is not utf-8, change the 1st parameter of iconv.
To Top