LDAP Change Password Script

[MikeM2468]

I'm not holding out much hope, but I'm hoping to find someone who has successfully created a PHP script that will allow the changing of a user password in LDAP. The LDAP server must be Windows 2008 Active Directory. LDAPS is working. I've tried every method I can find, but none work. I don't know if it's even possible at this point. From all the examples and hybrid solutions, I end up with a mix of errors - invalid credentials, DN syntax errors, invalid object, etc. I'd appreciate any assistance from someone who has gotten this working.

None of these work:

http://ltb-project.org/wiki/documentation/self-service-password

http://forums.devshed.com/ldap-prog...tory-passwords-through-php-and-iis-74683.html

http://technology.mattrude.com/2010/11/ldap-php-change-password-webpage/

http://logout.sh/computers/ldap/

http://deadmemes.net/2011/03/03/simple-cheap-ldap-php-password-changer/

http://stackoverflow.com/questions/2835927/reset-a-ldap-password-with-php

http://www.warden.pl/2009/09/02/php-ldap-change-password-page/

more ...

 

[MikeM2468]

I've gotten it to a "server is unwilling to perform" message which indicates to me that everything else is correct and I have a SSL problem. I confirmed this by removing the "TLS_REQCERT never" from the ldap.conf. It seems that the client must accept the certificate, not ignore it for modify commands to work.

I think I need to add the following to my ldap.conf (adjusted for Windows paths):

TLSCACertificateFile /usr/local/etc/openldap/cacert.pem
TLSCertificateFile /usr/local/etc/openldap/servercrt.pem
TLSCertificateKeyFile /usr/local/etc/openldap/serverkey.pem

But I need clarification as to where these files com from. CA, I know. Is servercrt and serverkey from the LDAP server? I assume it is but I don't see any certs on the LDAP server except the CA.