reagand Absent Member.
Absent Member.
718 views

Setting the password using php's ldap library fails, why?

I'm running into issues setting the user's password via PHP's ldap library. Specifically, the ldap_mod_replace function.

I'm using userPassword as the attribute.

The php code looks something like:

[PHP] ldap_mod_replace ( $server_connnection , $user_entry_dn , ['userPassword' => 'password'] );[/PHP]

[PHP]ldap_error($server_connection);[/PHP] returns "Constraint violation".

All the other attributes can be modified just fine. The bind user is an admin, so permissions should not be an issue.

Does anyone have a solution to this? Or at least know why PHP can't make the change?

Thanks!
Labels (1)
0 Likes
2 Replies
reagand Absent Member.
Absent Member.

Re: Setting the password using php's ldap library fails, why

In this case, I tried making the test value longer, and it started working. So for anyone stumbling across this, check that the value of the password meets the password requirements configured in eDirectory.
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: Setting the password using php's ldap library fails, why?

On 09/25/2018 01:14 PM, reagand wrote:
>
> In this case, I tried making the test value longer, and it started
> working. So for anyone stumbling across this, check that the value of
> the password meets the password requirements configured in eDirectory.


If you add more logging on the PHP side you should see that NMAS is
probably sending back a -16xx or -16xxx code in the diagnostic message
field (https://tools.ietf.org/html/rfc4511#section-4.1.9) telling you
exactly what is wrong. The admin is not able to violate policy (length,
character complexity requirements, etc.) but they do not need to abide by
password history, so if an admin ever cannot set a password, it is likely
because of password length or complexity or something.

Another option: set the password via iManager, or Apache Directory Studio,
just to rule in/out your PHP code.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.