更新时间:2021-12-06 17:12:51
要通过 LDAP 在 AD 中正确设置密码,您需要做很多事情.
There are a number of things you need to get exactly right to set a password in AD via LDAP.
您需要使用 SSL 连接 (ldaps://)
you need to use an SSL connection (ldaps://)
密码需要用引号括起来
(引用)密码需要以 16 位 unicode (UTF-16LE) 编码
the (quoted) password needs to be encoded in 16-bit unicode (UTF-16LE)
假设你要设置的密码是普通的ascii字符,可以通过在ascii字符串的每个字节后添加一个 00字节来完成unicode转换,如此代码示例.
Assuming the password you're trying to set is ordinary ascii characters, the unicode conversion can be accomplished by adding a 00 byte after each byte of the ascii string, as shown in this code sample.
所以你的例子看起来像:
So your example would instead look like:
$newpassword = "asdf1234";
$newpassword = """ . $newpassword . """;
$len = strlen($newpassword);
for ($i = 0; $i < $len; $i++) $newpass .= "{$newpassword{$i}} 00";
$user["unicodePwd"] = $newpass;