I am working on a project which some part of it includes creating new users and resetting their passwords in the active directory. we are using win2019 and for creating and resetting passwords I am using LDAP protocol version 3 with TLS enabled.
when I want to set the unicodePwd I am getting the server is unwilling to perform this operation.
we are using PHP v8.0.13.
the PHP code works fine without setting unicodePwd attribute(the connection and bind operations are successful. and I am using the Administrator's credentials to perform this operation).
is there any setting that I should add to PHP or change something on the server
CodePudding user response:
The "unwilling to perform" error message always means you've done something wrong. What that is depends on your code.
If you're using LDAPS, that an important step out of the way.
The documentation for unicodePwd
tell us that the string you send for the password has to be in a specific format:
the DC requires that the password value be specified in a UTF-16 encoded Unicode string containing the password surrounded by quotation marks
In PHP you can change the encoding using mb_convert_encoding
:
mb_convert_encoding('"' . $newPassword . '"', 'utf-16le');