PHP / LDAP disabled user
Hi,
I search over the internet for days now and i didn’t found any solution so all help is welcome.
I use php to manage my Active Directory (Windows 2008 Server) with the LDAP extension.
there is the code for desactivation of users :
PHP Code:
$search = "(|(sn=$person*)(SAMAccountName=$person*))";
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
$sr = @ldap_search($ds, $ldapBase,$search);
$ent= @ldap_get_entries($ds,$sr);
$dn=$ent[0]["dn"];
$enable =0;
$ac = $ent[0]["useraccountcontrol"][0];
$disable=($ac | 2);
$enable =($ac & ~2);
$userdata=array();
if ($enable==1){
$new=$enable;
}
else{
$new=$disable;
$userdata["useraccountcontrol"][0]=$new;
ldap_modify($ds, $dn, $userdata);
$sr = @ldap_search($ds, $ldapBase,$search);
$ent= @ldap_get_entries($ds,$sr);
$ac = $ent[0]["useraccountcontrol"][0];
}
if (($ac & 2)==2) {
$status=0;
}
else{
$status=1;
ldap_close($ds);
}
$response = array('status' => $status);
echo json_encode($response);