PHP
downloads | documentation | faq | getting help | mailing lists | reporting bugs | php.net sites | links | conferences | my php.net

search for in the

ldap_modify> <ldap_mod_del
Last updated: Fri, 22 Aug 2008

view this page in

ldap_mod_replace

(PHP 4, PHP 5)

ldap_mod_replaceReplace attribute values with new ones

Description

bool ldap_mod_replace ( resource $link_identifier , string $dn , array $entry )

Replaces one or more attributes from the specified dn . It performs the modification at the attribute level as opposed to the object level. Object-level modifications are done by the ldap_modify() function.

Parameters

link_identifier

An LDAP link identifier, returned by ldap_connect().

dn

The distinguished name of an LDAP entity.

entry

Return Values

Returns TRUE on success or FALSE on failure.

Notes

Note: This function is binary-safe.

See Also



ldap_modify> <ldap_mod_del
Last updated: Fri, 22 Aug 2008
 
add a note add a note User Contributed Notes
ldap_mod_replace
chris at mr2madness dot com
18-Sep-2007 04:44
You can use arrays for multiple attributes example:

$entry[mail] = array("newmail@aelana.com","altnewmail@aelana.com");
$results = ldap_mod_add($ldapConnID,$dn, $entry);

or as i did for creating anew user:

$adduserAD["objectClass"] = array("top","person","organizationalPerson","user");
mike dot rosile at interzonegames dot com
20-Jul-2007 06:01
Here is some great information from the OpenLDAP FAQs regarding changing a userPassword attribute with PHP:

http://www.openldap.org/faq/data/cache/347.html

$userpassword = "{SHA}" . base64_encode( pack( "H*", sha1( $pass ) ) );
aaronfulton at softhome dot net
04-Dec-2006 05:24
Before you modify values in your ldap directory, first make sure that you have permission to do so.  In openldap adding the following acl in slap.conf will allow the user to modify their own userpassword.

access to attr=userPassword
        by self write
        by anonymous auth
        by * none
erwann at zeflip dot com
04-Oct-2006 07:41
If you do not wish to set up SSL on your active directory, and you are running on Windows, you can use COM and ADSI to set the new password for a user, or to active a user:

<?PHP
// to set a user password
  // server is the ldap server
  // newuser_dn is the full dn of the user you want to modify
  // newuser_password is the password you wish to set for the user

    $ADSI = new COM("LDAP:");
    $user = $ADSI->OpenDSObject("LDAP://".$server."/".$newuser_dn, $adminuser, $adminpassword, 1);
    $user->SetPassword($newuser_password);
    $user->SetInfo();

// to activate a user
    $ADSI = new COM("LDAP:");
    $user = $ADSI->OpenDSObject("LDAP://".$server."/".$newuser_dn, $adminuser, $adminpassword, 1);
    $user->AccountDisabled = false;
    $user->SetInfo();

?>
EelBait
29-Sep-2006 01:11
Using ldap_mod_replace to change a user's password will not set the password using a hashed value, but rather in clear text. There doesn't seem to be a way to use the various password-change protocols (e.g. extended operation) using this API. You might be better off using the ldappasswd command-line tool to perform this function.
frederic dot jacquot at insa-lyon dot fr
09-Jun-2004 01:26
Changing a user password in Active Directory.
Securely connect (using ldaps) to the Active Directory and bind using an administrator account.

In this example, $userDn contains the dn of the user I want to modify, and $ad is the Active Directory ldaps connection)

$newPassword = "MyPassword";
$newPassword = "\"" . $newPassword . "\"";
$len = strlen($newPassword);
for ($i = 0; $i < $len; $i++)
        $newPassw .= "{$newPassword{$i}}\000";
$newPassword = $newPassw;
$userdata["unicodepwd"] = $newPassword;
$result = ldap_mod_replace($ad, $userDn, $userdata);
if ($result) echo "User modified!" ;
else echo "There was a problem!";

I found it hard to get a proper encoding for the unicodepwd attribute so this piece of code might help you ;-)
19-Jul-2002 08:32
Sometime,we cannot replace ldap_mod_replace  function  with ldap_mod_del function and ldap_mod_add fuction .We  don't have permission to delete an attribute but  we can replace it.
ondrej at sury dot cz
26-Feb-2002 02:31
in openldap 2.0.x you can use method with mod_del/mod_add only if the attribute have defined EQUALITY rule.
JoshuaStarr at aelana dot com
31-Aug-2001 08:28
To modify an attribute with a single value:
  $entry[mail] = "newmail@aelana.com";
  $results = ldap_mod_add($ldapConnID,$dn, $entry);

To modify an attribute with multiple values:
  $entry[mail][] = "newmail@aelana.com";
  $entry[mail][] = "altnewmail@aelana.com";
  $results = ldap_mod_add($ldapConnID,$dn, $entry);

To modify multiple attributes
  $entry[mail][] = "newmail@aelana.com";
  $entry[mail][] = "altnewmail@aelana.com";
  $entry[c]      = "US";
  $results = ldap_mod_add($ldapConnID,$dn, $entry);
oyvindmo at initio dot no
30-Nov-2000 01:57
ldap_mod_replace() and ldap_modify() are _exactly_ the same.  So, the comment that ldap_mod_replace() "performs the modification at the attribute level as opposed to the object level", has no root in reality.
yife at myrice-ltd dot com
16-Nov-2000 10:57
if i want to replace the special attribute but i don't replace other attribute ,i just use "ldap_mod_del" and "ldap_mod_add" ,the function seems to that
add a note add a note

ldap_modify> <ldap_mod_del
Last updated: Fri, 22 Aug 2008
 
 
show source | credits | stats | sitemap | contact | advertising | mirror sites