2

我想更改 AD 中用户的密码,因为 AD 中没有密码属性。

当前运行带有 Adldap2-laravel 包的 laravel 框架,以管理 ADLDAP 操作。

这是我的 ldap_auth.php

<?php

return [
    'connection' => env('LDAP_CONNECTION', 'default'),
    'provider' => Adldap\Laravel\Auth\DatabaseUserProvider::class,
    'model' => App\User::class,
    'rules' => [
        Adldap\Laravel\Validation\Rules\DenyTrashed::class,
    ],
    'scopes' => [
        Adldap\Laravel\Scopes\UidScope::class
    ],
    'identifiers' => [
        'ldap' => [
            'locate_users_by' => 'uid',
            'bind_users_by' => 'dn',
        ],
        'database' => [
            'guid_column' => 'objectguid',
            'username_column' => 'username',
        ],
        'windows' => [
            'locate_users_by' => 'samaccountname',
            'server_key' => 'AUTH_USER',
        ],
    ],
    'passwords' => [
        'sync' => env('LDAP_PASSWORD_SYNC', false),
        'column' => 'password',
    ],
    'login_fallback' => env('LDAP_LOGIN_FALLBACK', false),
    'sync_attributes' => [
        'username' => 'uid',
        'password' => 'userPassword',
        'name' => 'cn',
        'role' => 'l',
        'category' => 'businessCategory',
        'telephone_number' => 'telephoneNumber',
        'email' => 'mail'

    ],
    'logging' => [

        'enabled' => env('LDAP_LOGGING', true),

        'events' => [

            \Adldap\Laravel\Events\Importing::class                 => \Adldap\Laravel\Listeners\LogImport::class,
            \Adldap\Laravel\Events\Synchronized::class              => \Adldap\Laravel\Listeners\LogSynchronized::class,
            \Adldap\Laravel\Events\Synchronizing::class             => \Adldap\Laravel\Listeners\LogSynchronizing::class,
            \Adldap\Laravel\Events\Authenticated::class             => \Adldap\Laravel\Listeners\LogAuthenticated::class,
            \Adldap\Laravel\Events\Authenticating::class            => \Adldap\Laravel\Listeners\LogAuthentication::class,
            \Adldap\Laravel\Events\AuthenticationFailed::class      => \Adldap\Laravel\Listeners\LogAuthenticationFailure::class,
            \Adldap\Laravel\Events\AuthenticationRejected::class    => \Adldap\Laravel\Listeners\LogAuthenticationRejection::class,
            \Adldap\Laravel\Events\AuthenticationSuccessful::class  => \Adldap\Laravel\Listeners\LogAuthenticationSuccess::class,
            \Adldap\Laravel\Events\DiscoveredWithCredentials::class => \Adldap\Laravel\Listeners\LogDiscovery::class,
            \Adldap\Laravel\Events\AuthenticatedWithWindows::class  => \Adldap\Laravel\Listeners\LogWindowsAuth::class,
            \Adldap\Laravel\Events\AuthenticatedModelTrashed::class => \Adldap\Laravel\Listeners\LogTrashedModel::class,

        ],
    ],

];

这是我的 LdapController.php,其中包含重置密码的功能

public function resetPassword(Request $req)
    {
        $req->validate([
            'userid' => 'required',
            'password' => 'required|min:6|confirmed'
        ]);
        $userLdap = Adldap::search()->where('uid', $req->userid)->firstOrFail();
        $newPassword = "{SHA}" . base64_encode(pack("H*", sha1($req->password)));
        $res = $userLdap->update([
            'userpassword' => $newPassword
        ]);

        //Force change AD Password
        // $adPassword = str_replace("\n", "", shell_exec("echo -n '\"" . $req->password . "\"' | recode latin1..utf-16le/base64"));
        // $provider = Adldap\Models\User::connect('ad');
        // $dn = $provider->search()->where('cn', $req->userid)->get();
        // $res = $dn->setPassword($adPassword);

        if ($res) {
            return back()->withSuccess('<strong>Success!</strong> Your password has been changed');
        } else {
            return back()->withErrors('<strong>Failed!</strong> Your password was unable to changed');
        }
    }

不幸的是 $res = $dn->setPassword($adPassword); 返回错误“方法 Adldap\Query\Collection::setPassword 不存在。”

4

1 回答 1

1

当我在 Google 上搜索“Adldap2-laravel 更改密码”时,我在这里找到了一个示例。

$user = Adldap::users()->find('jdoe');

if ($user instanceof Adldap\Models\User) {
    $oldPassword = 'password123';

    $newPassword = 'correcthorsebatterystaple';

    $user->changePassword($oldPassword, $newPassword);
}

如果您想重置密码,那么看起来应该可以:

$user->setPassword("correcthorsebatterystaple");
$user->save();

如果你想知道下面发生了什么,或者在没有 Adldap2-laravel 的情况下如何完成:

属性是unicodePwd。您可以“更改”密码或“重置”密码。

更改密码需要知道旧密码。这是用户自己会做的事情。

重置密码需要帐户的“重置密码”权限,该权限通常授予管理帐户。

文档unicodePwd告诉您如何做到这两点。对于“更改”,您发送带有旧密码的删除指令和带有新密码的添加指令,所有这些都在同一个请求中。

对于重置,您发送一个替换指令。

在这两种情况下,密码都必须以特定格式发送。

'ldap_modify_batch` 的 PHP 文档显示了如何更改密码的示例

在 的文档页面上ldap_mod_replace有一条注释向您展示了如何重置密码。

于 2019-10-30T12:45:13.653 回答