Delicious Bookmark this on Delicious Share on Facebook SlashdotSlashdot It! Digg! Digg



PHP : Function Reference : LDAP Functions : ldap_mod_replace

ldap_mod_replace

Replace attribute values with new ones (PHP 4, PHP 5)
bool ldap_mod_replace ( resource link_identifier, string dn, array entry )

Replaces one or more attributes from the specified dn. It performs the modification at the attribute level as opposed to the object level. Object-level modifications are done by the ldap_modify() function.

Parameters

link_identifier

An LDAP link identifier, returned by ldap_connect().

dn

The distinguished name of an LDAP entity.

entry

Return Values

Returns TRUE on success or FALSE on failure.

Notes

Note:

This function is binary-safe.

Code Examples / Notes » ldap_mod_replace

chris

You can use arrays for multiple attributes example:
$entry[mail] = array("newmail@aelana.com","altnewmail@aelana.com");
$results = ldap_mod_add($ldapConnID,$dn, $entry);
or as i did for creating anew user:
$adduserAD["objectClass"] = array("top","person","organizationalPerson","user");


eelbait

Using ldap_mod_replace to change a user's password will not set the password using a hashed value, but rather in clear text. There doesn't seem to be a way to use the various password-change protocols (e.g. extended operation) using this API. You might be better off using the ldappasswd command-line tool to perform this function.

joshuastarr

To modify an attribute with a single value:
 $entry[mail] = "newmail@aelana.com";
 $results = ldap_mod_add($ldapConnID,$dn, $entry);
To modify an attribute with multiple values:
 $entry[mail][] = "newmail@aelana.com";
 $entry[mail][] = "altnewmail@aelana.com";
 $results = ldap_mod_add($ldapConnID,$dn, $entry);
To modify multiple attributes
 $entry[mail][] = "newmail@aelana.com";
 $entry[mail][] = "altnewmail@aelana.com";
 $entry[c]      = "US";
 $results = ldap_mod_add($ldapConnID,$dn, $entry);


19-jul-2002 07:32

Sometime,we cannot replace ldap_mod_replace  function  with ldap_mod_del function and ldap_mod_add fuction .We  don't have permission to delete an attribute but  we can replace it.

oyvindmo

ldap_mod_replace() and ldap_modify() are _exactly_ the same.  So, the comment that ldap_mod_replace() "performs the modification at the attribute level as opposed to the object level", has no root in reality.

ondrej

in openldap 2.0.x you can use method with mod_del/mod_add only if the attribute have defined EQUALITY rule.

erwann

If you do not wish to set up SSL on your active directory, and you are running on Windows, you can use COM and ADSI to set the new password for a user, or to active a user:
<?PHP
// to set a user password
 // server is the ldap server
 // newuser_dn is the full dn of the user you want to modify
 // newuser_password is the password you wish to set for the user
   $ADSI = new COM("LDAP:");
   $user = $ADSI->OpenDSObject("LDAP://".$server."/".$newuser_dn, $adminuser, $adminpassword, 1);
   $user->SetPassword($newuser_password);
   $user->SetInfo();
// to activate a user
   $ADSI = new COM("LDAP:");
   $user = $ADSI->OpenDSObject("LDAP://".$server."/".$newuser_dn, $adminuser, $adminpassword, 1);
   $user->AccountDisabled = false;
   $user->SetInfo();
?>


yife

if i want to replace the special attribute but i don't replace other attribute ,i just use "ldap_mod_del" and "ldap_mod_add" ,the function seems to that

mike dot rosile

Here is some great information from the OpenLDAP FAQs regarding changing a userPassword attribute with PHP:
http://www.openldap.org/faq/data/cache/347.html
$userpassword = "{SHA}" . base64_encode( pack( "H*", sha1( $pass ) ) );


frederic dot jacquot

Changing a user password in Active Directory.
Securely connect (using ldaps) to the Active Directory and bind using an administrator account.
In this example, $userDn contains the dn of the user I want to modify, and $ad is the Active Directory ldaps connection)
$newPassword = "MyPassword";
$newPassword = "\"" . $newPassword . "\"";
$len = strlen($newPassword);
for ($i = 0; $i < $len; $i++)
       $newPassw .= "{$newPassword{$i}}\000";
$newPassword = $newPassw;
$userdata["unicodepwd"] = $newPassword;
$result = ldap_mod_replace($ad, $userDn, $userdata);
if ($result) echo "User modified!" ;
else echo "There was a problem!";
I found it hard to get a proper encoding for the unicodepwd attribute so this piece of code might help you ;-)


aaronfulton

Before you modify values in your ldap directory, first make sure that you have permission to do so.  In openldap adding the following acl in slap.conf will allow the user to modify their own userpassword.
access to attr=userPassword
       by self write
       by anonymous auth
       by * none


Change Language


Follow Navioo On Twitter
ldap_8859_to_t61
ldap_add
ldap_bind
ldap_close
ldap_compare
ldap_connect
ldap_count_entries
ldap_delete
ldap_dn2ufn
ldap_err2str
ldap_errno
ldap_error
ldap_explode_dn
ldap_first_attribute
ldap_first_entry
ldap_first_reference
ldap_free_result
ldap_get_attributes
ldap_get_dn
ldap_get_entries
ldap_get_option
ldap_get_values_len
ldap_get_values
ldap_list
ldap_mod_add
ldap_mod_del
ldap_mod_replace
ldap_modify
ldap_next_attribute
ldap_next_entry
ldap_next_reference
ldap_parse_reference
ldap_parse_result
ldap_read
ldap_rename
ldap_sasl_bind
ldap_search
ldap_set_option
ldap_set_rebind_proc
ldap_sort
ldap_start_tls
ldap_t61_to_8859
ldap_unbind
eXTReMe Tracker