[Date Prev][Date Next]
Re: Web based LDAP password modification
It's probably a good idea to avoid C-type "system()" calls whenever
possible from the web. They're slower than the rest of your code and
they open a shell as the web user.
Using system() for changing a password also has the added problem of
that a well constructed password can be used to comprise your webserver
if you're not very careful.
Whatever language you choose, I'd suggest that you use that languages
built in LDAP API and not system/passthrough etc.
In PHP, here are the two lines in the script used to change user
$r = ldap_mod_replace($ds, $dn, $entry);
I use the MD5 hash. $newpass is the user's new cleartext password. $ds
is the connection after a ldap_connect() and ldap_bind(). $dn is the
user DN being modified.
Christian W Pohl wrote:
I think perl is the right way.
If you don't like to link all modules needed for Net::LDAP, why dont you
just use the normal ldapsearch/modify commands via
the system command (and some temporary files)?
But I think it is better to get Net::LDAP run properly. The module says
what other modules are needed if you try to install it. In my case there
were 7 modules I think, but it was no big problem (unfortunately I have
the module list at home :(