Is there any way to check if a user account is locked via PHP / LDAP?

We created an intranet site that requires the same password as the user’s network, so we use LDAP to verify the username and password.

This is good, but if they enter it incorrectly three times, it locks their account, and one or two users find this confusing.

Is there any way I can check, using LDAP / PHP, whether the account is locked or not, so I can display a short message asking them to contact IT?

Thanks

+3
4 answers

LDAP LDAP PHP /, . : http://us3.php.net/manual/en/book.ldap.php

:

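// $ldapip, $ldapport, $admindn, $adminpwd, $userbasedn and $filter
// must be set by the caller before this code runs.

// Connect to the directory server.
if (!($ldap = ldap_connect($ldapip, $ldapport)))
{
    die("Error: Unable to connect to the LDAP server");
}
// Bind with an account that is allowed to read user entries.
if (!ldap_bind($ldap, $admindn, $adminpwd))
{
    die("Error: Unable to bind to '$admindn'!");
}

// Look up the user entry.
$sr = ldap_search($ldap, $userbasedn, $filter);
$info = ldap_get_entries($ldap, $sr);

if ($info["count"] > 0)
{
    $entry = ldap_first_entry($ldap, $sr);
    $return_array = ldap_get_attributes($ldap, $entry);
    if ($return_array)
    {
        // Print each attribute name followed by its first value.
        for ($i = 0; $i < $return_array['count']; $i++)
        {
            print($return_array[$i]);
            print($return_array[$return_array[$i]][0]);
        }
    }
}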

, lockoutTime AD, nsaccountlock LDAP

+2

"" LDAP . LBE (LDAP Browser/Edit) LDIF , .

0

?

If your intranet site allows more samples than network access, you can use it to find the password for the user.

0

One of the attributes of the AD profile is useraccountcontrol. It contains a decimal value that can be converted to read here;

Blocked can refer to several cases, usually

  • ACCOUNTDISABLE 2 / 0x0002 (hexa)
  • PASSWORD_EXPIRED 8388608 / 0x800000
  • LOCKOUT 16 / 0x0010
0
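The lockoutTime and useraccountcontrol checks suggested in the answers above, combined as an added example that is not code from any of the answers. The names accountBlockReasons and filetimeToUnix, the $lockoutSeconds parameter (the domain's lockout duration, supplied by the caller) and the sample entry are assumptions; the entry is constructed in the shape ldap_get_entries() returns for an AD user.

```php
<?php
// Flag values as listed in the answer above. The entry at the bottom is
// constructed sample data (ldap_get_entries() lower-cases attribute names).
const UAC_ACCOUNTDISABLE   = 0x0002;
const UAC_LOCKOUT          = 0x0010;
const UAC_PASSWORD_EXPIRED = 0x800000;

// AD stores lockoutTime as 100-ns ticks since 1601-01-01 UTC (FILETIME).
function filetimeToUnix(string $ticks): int
{
    return intdiv((int)$ticks, 10000000) - 11644473600;
}

// Returns the reasons the account cannot log in (empty array = usable).
// Assumption: $lockoutSeconds = 0 means "locked until an admin unlocks it".
function accountBlockReasons(array $entry, int $lockoutSeconds, int $now): array
{
    $reasons = [];
    $uac = (int)($entry['useraccountcontrol'][0] ?? 0);
    if ($uac & UAC_ACCOUNTDISABLE)   { $reasons[] = 'disabled'; }
    if ($uac & UAC_PASSWORD_EXPIRED) { $reasons[] = 'password expired'; }

    $locked = (bool)($uac & UAC_LOCKOUT);
    $lockoutTime = $entry['lockouttime'][0] ?? '0';
    if ($lockoutTime !== '0') {
        $lockedAt = filetimeToUnix($lockoutTime);
        // A non-zero lockoutTime counts only while the lockout duration runs.
        $locked = $locked || $lockoutSeconds === 0
            || $now < $lockedAt + $lockoutSeconds;
    }
    if ($locked) { $reasons[] = 'locked out'; }
    return $reasons;
}

// Constructed entry: normal account (512) locked at 2024-01-01 00:00:00 UTC.
$entry = [
    'useraccountcontrol' => ['512'],
    'lockouttime'        => ['133485408000000000'],
];
$now = 1704067200 + 600; // ten minutes after the lockout
$reasons = accountBlockReasons($entry, 1800, $now);
echo $reasons
    ? "Account unavailable (" . implode(', ', $reasons) . "). Please contact IT.\n"
    : "Account is not blocked.\n";
```

Showing this message to anyone who types a username discloses the account's state before authentication, which is the concern raised in the third answer, so the lookup is best rate-limited the same way as the login itself.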

Source: https://habr.com/ru/post/1711915/