How to get password of active directory by ldap in php?


Solution 1

Passwords in Active Directory are not retrievable. Nor are they in most directories. (eDirectory has a password policy, that if you bind as the specified user, then you can retrieve passwords via LDAP extensions)

Some directories might let you recover the hashed versions, but that is not that great either.

To be cross platform, it is better to try and bind with the values provided and either succeed or fail. Additionally, LDAP says a bind with a blank password is actually an anonymous bind, which will probably succeed, so you need to filter for that case.

Once bound as the user, you could look at their group memberships (since usually they can see their own) or look at some other attribute, which if they can read it, means they have some level of rights. (I.e., implement authorization as well as authentication.)
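The bind-then-check approach from Solution 1, as an added PHP example that is not part of the original answer. The host name, UPN suffix, base DN and the function name `adAuthenticate` are placeholder assumptions:

```php
<?php
// Added illustration. The three constants are assumed placeholders, not values from the page.
const AD_URI     = 'ldaps://dc.example.com'; // assumed domain controller
const AD_SUFFIX  = '@example.com';           // assumed UPN suffix
const AD_BASE_DN = 'DC=example,DC=com';      // assumed search base

/** Returns the user's memberOf DNs when the bind succeeds, or null when it fails. */
function adAuthenticate(string $username, string $password): ?array
{
    // A bind with an empty password is treated as an anonymous bind and may
    // succeed without proving anything, so reject it before contacting the server.
    if ($username === '' || $password === '') {
        return null;
    }

    $conn = ldap_connect(AD_URI);
    if ($conn === false) {
        return null;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // Authentication: the directory verifies the password; it is never read back.
    if (!@ldap_bind($conn, $username . AD_SUFFIX, $password)) {
        ldap_unbind($conn);
        return null;
    }

    // Authorization: as the bound user, read our own group memberships.
    $filter = '(sAMAccountName=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';
    $result = ldap_search($conn, AD_BASE_DN, $filter, ['memberOf']);
    $groups = [];
    if ($result !== false) {
        $entries = ldap_get_entries($conn, $result);
        // ldap_get_entries() lowercases attribute names and adds a 'count' key.
        if ($entries['count'] > 0 && isset($entries[0]['memberof'])) {
            $groups = $entries[0]['memberof'];
            unset($groups['count']);
            $groups = array_values($groups);
        }
    }
    ldap_unbind($conn);
    return $groups;
}

// null means authentication failed; an array (possibly empty) lists group DNs.
$groups = adAuthenticate($_POST['username'] ?? '', $_POST['password'] ?? '');
```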

Solution 2

I just queried an Active Directory (using ldapsearch in Ubuntu 10.04) running on MS Windows Server 2003, and it seems only the following can be retrieved. Note that the password is not there.

givenName
distinguishedName
instanceType
whenCreated
whenChanged
displayName
uSNCreated
memberOf
uSNChanged
name
objectGUID
userAccountControl
badPwdCount
codePage
countryCode
badPasswordTime
lastLogoff
lastLogon
pwdLastSet
primaryGroupID
objectSid
accountExpires
logonCount
sAMAccountName
sAMAccountType
userPrincipalName

You may also refer:

Solution 3

AD does not store the password in plain text. The password hash is stored in unicodePwd. This attribute can only be retrieved using the ldapi interface. The regular ldap_search will not return anything.

Author by

trankinhly


Updated on March 11, 2020

Comments

  • trankinhly about 4 years

    I have a problem with passwords in Active Directory. I want to get the password from the "username" of a user. I tried the function "ldap_search", but I cannot find the correct attribute for the password. I tried: password, userpassword, userPassword, unicodePwd, unicodepwd, but they are not correct.

    I look forward to everyone's help. Thanks to all :D trankinhly

    • wimvds
      wimvds about 13 years
      You will not be able to get (as in read) a password from AD, you can however authenticate someone (ie. check if a given user/password combo has a match in AD).
