
Saturday, February 7, 2015

Change LDAP password using php script

Hey Guys,

Hope you all are doing well :)

Today I would like to share how to change an LDAP password using a simple web interface (PHP). We are using OpenLDAP configured on a Linux server, and I wanted to make a simple web interface to change OpenLDAP passwords. Below are the scripts and the procedure I used to achieve it.

1. Create a shell script to change ldap password and test it for some user.


E.g. - This is my shell script.

Please note that the placeholder values (the admin account name, the domain components and the admin password) need to be replaced with your LDAP configuration settings.


############Start of the Script##############

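#!/bin/bash
#Script developed by - Kuldeep Kulkarni
#Usage: change_ldap_pass.sh <username> <old password> <new password>

if [ $# -ne 3 ]
then
        echo "Invalid number of arguments!"
        exit 10;
fi

#Allow only plain account names so the value cannot alter the DN built below
case "$1" in
        ""|*[!A-Za-z0-9._-]*)
                echo "Invalid username!"
                exit 11;;
esac

#Replace Manager (the admin account username), your-domain, com and the -w value with your LDAP settings.
#Note: -w exposes the admin password in the process list; ldappasswd can read it from a file with -y instead.
#"$2" and "$3" are quoted so passwords containing spaces or shell characters are passed intact.
ldappasswd -x -D "cn=Manager,dc=your-domain,dc=com" -w "your ldap password for admin user" -a "$2" -s "$3" "uid=$1,ou=people,dc=your-domain,dc=com"

pass_change_status=$?

if [ "$pass_change_status" -eq 0 ]
then
        echo "0";
else
        echo  "Found error while resetting your password! Please contact Admin team.";
fi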


############End of the Script##############


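2. Save the above script as /var/www/html/change_ldap_pass.sh on your OpenLDAP server (assuming that you have the httpd package installed on your Linux machine). The script contains the admin bind password, so make sure httpd cannot serve it to browsers as a file.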



3. Create the /var/www/html/index.php script with the contents below on your OpenLDAP server.



############Start of the Script##############

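<?php
$message="";
// Change the password by calling the shell script. Every user-supplied value
// goes through escapeshellarg() so it cannot break out of its own argument.
function changePassword($username, $old_password, $new_password, $new_password2)
{
// Both copies of the new password must match before anything is run.
if($new_password !== $new_password2)
 {
   echo "Error while changing password : new passwords do not match";
   return;
 }
$return_message=exec("sh change_ldap_pass.sh ".escapeshellarg($username)." ".escapeshellarg($old_password)." ".escapeshellarg($new_password));
if($return_message==="0")
 {
   echo "Your password has been Changed!";
 }
 else
 {
        // Escape the script output before echoing it into the page.
        echo "Error while changing password : ".htmlspecialchars($return_message);
 }

}

?>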
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Password Change Page</title>
<style type="text/css">
body { font-family: Verdana,Arial,Courier New; font-size: 0.7em; }
th { text-align: right; padding: 0.8em; }
#container { text-align: center; width: 500px; margin: 5% auto; }
.msg_yes { margin: 0 auto; text-align: center; color: green; background: #D4EAD4; border: 1px solid green; border-radius: 10px; margin: 2px; }
.msg_no { margin: 0 auto; text-align: center; color: red; background: #FFF0F0; border: 1px solid red; border-radius: 10px; margin: 2px; }
</style>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
</head>
<body>
<div id="container">
<h2>Password Change Page</h2>
<p>Your new password must be 8 characters long or longer and have at least:<br/>
one capital letter, one lowercase letter, &amp; one number.<br/>
You must use a new password, your current password<br/>can not be the same as your new password.</p>
<?php
      if (isset($_POST["submitted"])) {
        changePassword($_POST['username'],$_POST['oldPassword'],$_POST['newPassword1'],$_POST['newPassword2']);
}
 ?>
<form action="<?php print htmlspecialchars($_SERVER['PHP_SELF']); ?>" name="passwordChange" method="post">
<table style="width: 400px; margin: 0 auto;">
<tr><th>Username:</th><td><input name="username" type="text" size="20px" autocomplete="off" /></td></tr>
<tr><th>Current password:</th><td><input name="oldPassword" size="20px" type="password" /></td></tr>
<tr><th>New password:</th><td><input name="newPassword1" size="20px" type="password" /></td></tr>
<tr><th>New password (again):</th><td><input name="newPassword2" size="20px" type="password" /></td></tr>
<tr><td colspan="2" style="text-align: center;" >
<input name="submitted" type="submit" value="Change Password"/>
<button type="reset">Cancel</button>
</td></tr>
</table>
</form>
</div>
</body>
</html>


############End of the Script##############


4. Hit $IP_address_of_openldap_server or $openldap_server_name/index.php in your browser and it should work!






5. Feel free to comment if you face any issues :)



-Kuldeep Kulkarni
kuldeepkulkarni09@gmail.com
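
An alternative to shelling out, added here as an example and not part of the original post: PHP's LDAP extension can bind as the user (which verifies the current password) and send the password-modify operation itself, so no form input reaches a shell and no admin password sits under the web root. Assumptions: PHP 7.2+ with the ldap extension, a server at ldap://localhost that supports StartTLS, the post's ou=people,dc=your-domain,dc=com layout, and an ACL that lets users write their own userPassword; the function names are hypothetical.

```php
<?php
// Added example, not the post's code. Placeholders: ldap://localhost and
// ou=people,dc=your-domain,dc=com (same layout as the shell script above).

// Enforce the policy the form advertises; returns an error string or null.
function policyError(string $old, string $new1, string $new2): ?string
{
    if ($new1 !== $new2)   return "New passwords do not match.";
    if ($new1 === $old)    return "New password must differ from the current one.";
    if (strlen($new1) < 8) return "New password must be at least 8 characters.";
    if (!preg_match('/[A-Z]/', $new1) || !preg_match('/[a-z]/', $new1)
        || !preg_match('/[0-9]/', $new1)) {
        return "New password needs an uppercase letter, a lowercase letter and a number.";
    }
    return null;
}

// Build the user's DN; ldap_escape() neutralises DN metacharacters in the uid.
function userDn(string $username): string
{
    return "uid=" . ldap_escape($username, "", LDAP_ESCAPE_DN)
         . ",ou=people,dc=your-domain,dc=com";
}

// Returns null on success or an error string that is safe to show to the user.
function changePasswordNative(string $user, string $old, string $new1, string $new2): ?string
{
    if (!preg_match('/^[A-Za-z0-9._-]{1,64}$/', $user)) return "Invalid username.";
    // An empty password turns the bind into an unauthenticated bind, which some servers accept.
    if ($old === "") return "Current password is required.";
    if (($err = policyError($old, $new1, $new2)) !== null) return $err;

    $ldap = ldap_connect("ldap://localhost");
    if ($ldap === false) return "Directory unavailable.";
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    if (!@ldap_start_tls($ldap)) return "Directory unavailable.";

    $dn = userDn($user);
    // Binding as the user proves knowledge of the current password.
    if (!@ldap_bind($ldap, $dn, $old)) {
        return "Username or current password is incorrect.";
    }
    $ok = @ldap_exop_passwd($ldap, $dn, $old, $new1);
    ldap_unbind($ldap);
    return $ok === true ? null : "Password change was rejected by the directory.";
}
```

In index.php the form handler would call changePasswordNative() with the four POST fields and print the returned message through htmlspecialchars().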