如何使用 Adldap2-laravel 包更改 AD 用户密码?
How do I change AD user password by using Adldap2-laravel package?
我想更改AD中用户的密码,因为AD中没有密码属性。
目前 运行 laravel 框架带有 Adldap2-laravel 包以管理 ADLDAP 操作。
这是我的 ldap_auth.php
<?php
return [
'connection' => env('LDAP_CONNECTION', 'default'),
'provider' => Adldap\Laravel\Auth\DatabaseUserProvider::class,
'model' => App\User::class,
'rules' => [
Adldap\Laravel\Validation\Rules\DenyTrashed::class,
],
'scopes' => [
Adldap\Laravel\Scopes\UidScope::class
],
'identifiers' => [
'ldap' => [
'locate_users_by' => 'uid',
'bind_users_by' => 'dn',
],
'database' => [
'guid_column' => 'objectguid',
'username_column' => 'username',
],
'windows' => [
'locate_users_by' => 'samaccountname',
'server_key' => 'AUTH_USER',
],
],
'passwords' => [
'sync' => env('LDAP_PASSWORD_SYNC', false),
'column' => 'password',
],
'login_fallback' => env('LDAP_LOGIN_FALLBACK', false),
'sync_attributes' => [
'username' => 'uid',
'password' => 'userPassword',
'name' => 'cn',
'role' => 'l',
'category' => 'businessCategory',
'telephone_number' => 'telephoneNumber',
'email' => 'mail'
],
'logging' => [
'enabled' => env('LDAP_LOGGING', true),
'events' => [
\Adldap\Laravel\Events\Importing::class => \Adldap\Laravel\Listeners\LogImport::class,
\Adldap\Laravel\Events\Synchronized::class => \Adldap\Laravel\Listeners\LogSynchronized::class,
\Adldap\Laravel\Events\Synchronizing::class => \Adldap\Laravel\Listeners\LogSynchronizing::class,
\Adldap\Laravel\Events\Authenticated::class => \Adldap\Laravel\Listeners\LogAuthenticated::class,
\Adldap\Laravel\Events\Authenticating::class => \Adldap\Laravel\Listeners\LogAuthentication::class,
\Adldap\Laravel\Events\AuthenticationFailed::class => \Adldap\Laravel\Listeners\LogAuthenticationFailure::class,
\Adldap\Laravel\Events\AuthenticationRejected::class => \Adldap\Laravel\Listeners\LogAuthenticationRejection::class,
\Adldap\Laravel\Events\AuthenticationSuccessful::class => \Adldap\Laravel\Listeners\LogAuthenticationSuccess::class,
\Adldap\Laravel\Events\DiscoveredWithCredentials::class => \Adldap\Laravel\Listeners\LogDiscovery::class,
\Adldap\Laravel\Events\AuthenticatedWithWindows::class => \Adldap\Laravel\Listeners\LogWindowsAuth::class,
\Adldap\Laravel\Events\AuthenticatedModelTrashed::class => \Adldap\Laravel\Listeners\LogTrashedModel::class,
],
],
];
这是我的LdapController.php,其中包含重置密码的功能
public function resetPassword(Request $req)
{
$req->validate([
'userid' => 'required',
'password' => 'required|min:6|confirmed'
]);
$userLdap = Adldap::search()->where('uid', $req->userid)->firstOrFail();
$newPassword = "{SHA}" . base64_encode(pack("H*", sha1($req->password)));
$res = $userLdap->update([
'userpassword' => $newPassword
]);
//Force change AD Password
// $adPassword = str_replace("\n", "", shell_exec("echo -n '\"" . $req->password . "\"' | recode latin1..utf-16le/base64"));
// $provider = Adldap\Models\User::connect('ad');
// $dn = $provider->search()->where('cn', $req->userid)->get();
// $res = $dn->setPassword($adPassword);
if ($res) {
return back()->withSuccess('<strong>Success!</strong> Your password has been changed');
} else {
return back()->withErrors('<strong>Failed!</strong> Your password was unable to changed');
}
}
不幸的是 $res = $dn->setPassword($adPassword); returns错误'Method Adldap\Query\Collection::setPassword does not exist.'
我在 Google 中搜索 "Adldap2-laravel change password" 时找到了一个示例 here。
$user = Adldap::users()->find('jdoe');
if ($user instanceof Adldap\Models\User) {
$oldPassword = 'password123';
$newPassword = 'correcthorsebatterystaple';
$user->changePassword($oldPassword, $newPassword);
}
如果您想重设密码,那么这似乎应该可行:
$user->setPassword("correcthorsebatterystaple");
$user->save();
如果你想知道下面发生了什么,或者如果没有 Adldap2 如何做到这一点-laravel:
属性为unicodePwd。您可以 "change" 密码,或 "reset" 密码。
更改密码需要知道旧密码。这是用户自己会做的。
重置密码需要帐户的 "Reset password" 权限,通常授予管理帐户。
documentation for unicodePwd 告诉您如何同时进行。对于 "change",您在同一个请求中发送一条包含旧密码的删除指令和一条包含新密码的添加指令。
对于重置,您发送一条替换指令。
在这两种情况下,密码都必须以特定格式发送。
“ldap_modify_batch”的 PHP 文档 shows an example of how to change a password。
在 ldap_mod_replace 的文档页面上,there is a comment 向您展示了如何重设密码。
我想更改AD中用户的密码,因为AD中没有密码属性。
目前 运行 laravel 框架带有 Adldap2-laravel 包以管理 ADLDAP 操作。
这是我的 ldap_auth.php
<?php
return [
'connection' => env('LDAP_CONNECTION', 'default'),
'provider' => Adldap\Laravel\Auth\DatabaseUserProvider::class,
'model' => App\User::class,
'rules' => [
Adldap\Laravel\Validation\Rules\DenyTrashed::class,
],
'scopes' => [
Adldap\Laravel\Scopes\UidScope::class
],
'identifiers' => [
'ldap' => [
'locate_users_by' => 'uid',
'bind_users_by' => 'dn',
],
'database' => [
'guid_column' => 'objectguid',
'username_column' => 'username',
],
'windows' => [
'locate_users_by' => 'samaccountname',
'server_key' => 'AUTH_USER',
],
],
'passwords' => [
'sync' => env('LDAP_PASSWORD_SYNC', false),
'column' => 'password',
],
'login_fallback' => env('LDAP_LOGIN_FALLBACK', false),
'sync_attributes' => [
'username' => 'uid',
'password' => 'userPassword',
'name' => 'cn',
'role' => 'l',
'category' => 'businessCategory',
'telephone_number' => 'telephoneNumber',
'email' => 'mail'
],
'logging' => [
'enabled' => env('LDAP_LOGGING', true),
'events' => [
\Adldap\Laravel\Events\Importing::class => \Adldap\Laravel\Listeners\LogImport::class,
\Adldap\Laravel\Events\Synchronized::class => \Adldap\Laravel\Listeners\LogSynchronized::class,
\Adldap\Laravel\Events\Synchronizing::class => \Adldap\Laravel\Listeners\LogSynchronizing::class,
\Adldap\Laravel\Events\Authenticated::class => \Adldap\Laravel\Listeners\LogAuthenticated::class,
\Adldap\Laravel\Events\Authenticating::class => \Adldap\Laravel\Listeners\LogAuthentication::class,
\Adldap\Laravel\Events\AuthenticationFailed::class => \Adldap\Laravel\Listeners\LogAuthenticationFailure::class,
\Adldap\Laravel\Events\AuthenticationRejected::class => \Adldap\Laravel\Listeners\LogAuthenticationRejection::class,
\Adldap\Laravel\Events\AuthenticationSuccessful::class => \Adldap\Laravel\Listeners\LogAuthenticationSuccess::class,
\Adldap\Laravel\Events\DiscoveredWithCredentials::class => \Adldap\Laravel\Listeners\LogDiscovery::class,
\Adldap\Laravel\Events\AuthenticatedWithWindows::class => \Adldap\Laravel\Listeners\LogWindowsAuth::class,
\Adldap\Laravel\Events\AuthenticatedModelTrashed::class => \Adldap\Laravel\Listeners\LogTrashedModel::class,
],
],
];
这是我的LdapController.php,其中包含重置密码的功能
public function resetPassword(Request $req)
{
$req->validate([
'userid' => 'required',
'password' => 'required|min:6|confirmed'
]);
$userLdap = Adldap::search()->where('uid', $req->userid)->firstOrFail();
$newPassword = "{SHA}" . base64_encode(pack("H*", sha1($req->password)));
$res = $userLdap->update([
'userpassword' => $newPassword
]);
//Force change AD Password
// $adPassword = str_replace("\n", "", shell_exec("echo -n '\"" . $req->password . "\"' | recode latin1..utf-16le/base64"));
// $provider = Adldap\Models\User::connect('ad');
// $dn = $provider->search()->where('cn', $req->userid)->get();
// $res = $dn->setPassword($adPassword);
if ($res) {
return back()->withSuccess('<strong>Success!</strong> Your password has been changed');
} else {
return back()->withErrors('<strong>Failed!</strong> Your password was unable to changed');
}
}
不幸的是 $res = $dn->setPassword($adPassword); returns错误'Method Adldap\Query\Collection::setPassword does not exist.'
我在 Google 中搜索 "Adldap2-laravel change password" 时找到了一个示例 here。
$user = Adldap::users()->find('jdoe');
if ($user instanceof Adldap\Models\User) {
$oldPassword = 'password123';
$newPassword = 'correcthorsebatterystaple';
$user->changePassword($oldPassword, $newPassword);
}
如果您想重设密码,那么这似乎应该可行:
$user->setPassword("correcthorsebatterystaple");
$user->save();
如果你想知道下面发生了什么,或者如果没有 Adldap2 如何做到这一点-laravel:
属性为unicodePwd。您可以 "change" 密码,或 "reset" 密码。
更改密码需要知道旧密码。这是用户自己会做的。
重置密码需要帐户的 "Reset password" 权限,通常授予管理帐户。
documentation for unicodePwd 告诉您如何同时进行。对于 "change",您在同一个请求中发送一条包含旧密码的删除指令和一条包含新密码的添加指令。
对于重置,您发送一条替换指令。
在这两种情况下,密码都必须以特定格式发送。
“ldap_modify_batch”的 PHP 文档 shows an example of how to change a password。
在 ldap_mod_replace 的文档页面上,there is a comment 向您展示了如何重设密码。