有一些事情你需要得到完全正确通过LDAP设定在公元密码。

• 您需要使用SSL连接（LDAPS：//）

• 密码需要用引号引起来

• 的（引用）的密码必须是EN codeD在16位单code（UTF-16LE）

假设你想设置的密码是普通的ASCII字符，单向code转换可以通过ASCII字符串的每个字节后加入\ 000字节来实现，如图的这code样品

所以，你的例子，而不是看起来像：

  $新密码=asdf1234;
。$新密码=\$新密码\;
$ LEN =的strlen（$新密码）;
为（$ i = 0; $ I＆LT; $ len个; $ I ++）。$ newpass ={$新密码{$ I}} \ 000;
$用户[UNI codePWD] = $ newpass;
 

Getting an error:

Server is unwilling to perform

while changing unicodePwd in AD through PHP. However, I'm able to search, add, remove and modify any attributes of the users.

Using Administrator account to bind and admin has full rights to change passwords of any users.

Here's the code I'm using:

<?php
$dn = "CN=Vishal Makwana,OU=Address Book,DC=example,DC=com";
$ad = ldap_connect("ldap://example.com")
      or die("Couldn't connect to AD!");
ldap_set_option($ad, LDAP_OPT_PROTOCOL_VERSION, 3);
$bd = ldap_bind($ad,"admin@example.com","admin1");

    if($bd) {
        echo "AD bind successfully";  
      }
    else {
        echo "Couldn't bind AD";;
    }

$user["unicodePwd"] = "asdf1234";

$result = ldap_mod_replace($ad, $dn, $user);
if ($result) echo "User modified!"; else
             echo "There was a problem!";

ldap_unbind($ad);
?>

There are a number of things you need to get exactly right to set a password in AD via LDAP.

• you need to use an SSL connection (ldaps://)

• the password needs to be enclosed in quotes

• the (quoted) password needs to be encoded in 16-bit unicode (UTF-16LE)

Assuming the password you're trying to set is ordinary ascii characters, the unicode conversion can be accomplished by adding a \000 byte after each byte of the ascii string, as shown in this code sample.

So your example would instead look like:

$newpassword = "asdf1234";
$newpassword = "\"" . $newpassword . "\"";
$len = strlen($newpassword);
for ($i = 0; $i < $len; $i++) $newpass .= "{$newpassword{$i}}\000";
$user["unicodePwd"] = $newpass;