[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Web based LDAP password modification

It's probably a good idea to avoid C-type "system()" calls whenever possible from the web. They're slower than the rest of your code and they open a shell as the web user.

Using system() for changing a password also has the added problem of that a well constructed password can be used to comprise your webserver if you're not very careful.

Whatever language you choose, I'd suggest that you use that languages built in LDAP API and not system/passthrough etc.

In PHP, here are the two lines in the script used to change user passwords...

$entry['userpassword'] ="{md5}".base64_encode(pack("H*",md5($newpass)));
$r = ldap_mod_replace($ds, $dn, $entry);

I use the MD5 hash. $newpass is the user's new cleartext password. $ds is the connection after a ldap_connect() and ldap_bind(). $dn is the user DN being modified.


Christian W Pohl wrote:
Hi Paul,

I think perl is the right way.
If you don't like to link all modules needed for Net::LDAP, why dont you just use the normal ldapsearch/modify commands via
the system command (and some temporary files)?

But I think it is better to get Net::LDAP run properly. The module says what other modules are needed if you try to install it. In my case there were 7 modules I think, but it was no big problem (unfortunately I have the module list at home :(

Kind regards,


Kervin Pierre