I'm trying to change an user password in php adldap, but it gives me this exception "error 50: inssuficient access", and it's not a permissions problems because i was able to change it from a java application.
Asked
Active
Viewed 182 times
2 Answers
0
Yeah, but php and java run a bit differently, php runs on apache, apache is ran by user. So you need to see if user who runs apache has proper access.
olexity
- 105
- 4
-
But in the same scenario wit php i can change the password with another user, and technically i'm using the same user in apache – user3393207 Mar 07 '14 at 16:14
0
Thought I'd post my findings here.
So by default the security of AD users allows SELF to change password. Changing the password requires the current and new password. The adLDAP password function only allows us to pass the new password. This is considered a password reset. Even if you authenticate the user before calling the password function it is still doing a password reset. If you change SELF to allow password reset it works. This probably isn't a good idea since any malicious software could change the password of the user without knowing the current password. So the long and short of it is that you'll have to provide admin user and password in adLDAP configuration to change passwords. You can still require the user to authenticate first to prove it is them, but the actual password reset will be done by the admin user.
Maybe the author could allow for a third optional parameter on the password change function, in the future, that would cause a password change operation.
