Hi,
As explained in http://bugs.php.net/bug.php?id=45477 it's not possible
to change the userPassword attribute using PHP on NDS/AD because these
LDAP servers require the deleteAttribute and addAttribute operations
to be performed in the same LDAP request.
Currently working at Hachette-Livre (Paris, France), we're experiencing
this bug and the developer who wrote the app I'm working on was forced
to use a BIG hack to perform a password change request: he calls a
Java app that does the LDAP request by using a system(). Admit it,
it's ugly.
So I've made a patch which fixes the bug. It creates a
ldap_mod_deleteadd function which deletes an attribute and adds it in
the same LDAP request.
Some parts of the code are imported from pam_ldap.
The syntax is pretty obvious (but not very clean asap, I wanted to know
if you like my function before making it as pretty as ldap_mod_replace):
ldap_mod_deleteadd(resource link, string dn, string attr, string old,
string new[, boolean binary = false])
The boolean binary attribute is here for AD, which uses a Unicode
encoded password (and so needs LDAP_MOD_BVALUES).
Currently waiting for your insults :)
Alexis ROBERT
alexis.robert@gmail.com
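
What "delete and add in the same LDAP request" looks like on the wire, as an added example that is not part of the original message or the patch: a Python sketch that BER-encodes a single RFC 4511 ModifyRequest carrying both changes. The helper names, the sample DN and the passwords are constructed, and `ad_password` assumes AD's quoted UTF-16LE `unicodePwd` format.

```python
# Added example (not from the patch): one LDAP ModifyRequest, BER-encoded
# per RFC 4511, that deletes the old value and adds the new one together.
MOD_ADD, MOD_DELETE = 0, 1  # "operation" ENUMERATED values in RFC 4511


def tlv(tag: int, payload: bytes) -> bytes:
    """Encode one BER tag-length-value using definite lengths."""
    n = len(payload)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + payload


def change(op: int, attr: str, value: bytes) -> bytes:
    """One entry of ModifyRequest.changes: operation + PartialAttribute."""
    vals = tlv(0x31, tlv(0x04, value))                    # SET OF OCTET STRING
    partial = tlv(0x30, tlv(0x04, attr.encode()) + vals)  # type + vals
    return tlv(0x30, tlv(0x0A, bytes([op])) + partial)


def ad_password(password: str) -> bytes:
    """Assumed AD format: password in double quotes, encoded as UTF-16LE."""
    return f'"{password}"'.encode("utf-16-le")


def delete_add_request(msg_id: int, dn: str, attr: str,
                       old: bytes, new: bytes) -> bytes:
    """LDAPMessage with a single ModifyRequest holding both changes."""
    changes = tlv(0x30, change(MOD_DELETE, attr, old)
                  + change(MOD_ADD, attr, new))
    modify = tlv(0x66, tlv(0x04, dn.encode()) + changes)  # [APPLICATION 6]
    msg_int = msg_id.to_bytes(msg_id.bit_length() // 8 + 1, "big")
    return tlv(0x30, tlv(0x02, msg_int) + modify)


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    req = delete_add_request(1, "cn=jdoe,ou=people,dc=example,dc=com",
                             "unicodePwd", ad_password("old-Secret1"),
                             ad_password("new-Secret2"))
    print(len(req), req.hex())
```

Both changes sit inside one `changes` sequence under a single message ID, which is what two separate delete and add calls cannot produce.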