问题描述

我对Active Directory中的密码有疑问.我想从用户的用户名"获取密码我尝试使用功能"ldap_search"，但是找不到正确的密码属性我尝试作为:密码，userpassword，userPassword，unicodePwd，unicodepwd，但是它们不正确.

I have problem about password in Active Directory.I want to get password from "username" of userI tried function "ldap_search", but I do not find correctly attribute for passwordI tried as: password, userpassword, userPassword, unicodePwd, unicodepwd, but they are not correct.

我期待着大家的帮助谢谢大家:D短暂地

I look forward to helping of everyoneThanks for all :Dtrankinhly

推荐答案

Active Directory中的密码不可检索.在大多数目录中也没有. (eDirectory具有密码策略，如果您以指定用户身份绑定，则可以通过LDAP扩展名检索密码)

Passwords in Active Directory are not retrievable. Nor are they in most directories. (eDirectory has a password policy, that if you bind as the specified user, then you can retrieve passwords via LDAP extensions)

某些目录可能会让您恢复哈希版本，但这也不是那么好.

Some directories might let you recover the hashed versions, but that is not that great either.

要成为跨平台平台，最好尝试与提供的值绑定，无论成功还是失败.另外，LDAP说带有空密码的绑定实际上是一个匿名绑定，它可能会成功，因此您需要针对这种情况进行过滤.

To be cross platform, it is better to try and bind with the values provided and either succeed or fail. Additionally, LDAP says a bind with a blank password is actually an anonymous bind, which will probably succeed, so you need to filter for that case.

以用户身份绑定后，您可以查看其组成员身份(因为通常他们可以看到自己的组成员身份)或其他属性，如果他们可以读取，则表示他们具有一定级别的权限. (即，实施授权和身份验证).

Once bound as the user, you could look at their group memberships (since usually they can see their own) or look at some other attribute, which if they can read it, means they have some level of rights. (I.e. Implement authorization as well as authentication).

这篇关于如何在PHP中通过ldap获取活动目录的密码?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！