ldap_mod_replace() [function.ldap-mod-replace]: Modify: Server is unwilling to perform

Question

Getting an error:

Server is unwilling to perform

while changing unicodePwd in AD through PHP. However, I\'m able to search, add,

Answer 1

There are a number of things you need to get exactly right to set a password in AD via LDAP.

• you need to use an SSL connection (ldaps://)

• the password needs to be enclosed in quotes

• the (quoted) password needs to be encoded in 16-bit unicode (UTF-16LE)

Assuming the password you're trying to set is ordinary ascii characters, the unicode conversion can be accomplished by adding a \000 byte after each byte of the ascii string, as shown in this code sample.

So your example would instead look like:

$newpassword = "asdf1234";
$newpassword = "\"" . $newpassword . "\"";
$len = strlen($newpassword);
for ($i = 0; $i < $len; $i++) $newpass .= "{$newpassword{$i}}\000";
$user["unicodePwd"] = $newpass;

Answer 2

After searching a lot and spending a lot of time, I am finally able to modify the active directory user password from PHP code using LDAP library.

We need the LDAP's connection with the active directory server from the PHP code; and that you have to modify the unicodePwd field.

ldap_connect(ldaps://IP, 636);
ldap_connect(ldaps://IP, 389);