Sometimes authenticating password against LDAP in PHP can't rely on userPassword attribute because they might use only lmPassword or ntPassword. It is not quite easy but not too hard as long as we have LDAP Account Manager.

The trick is to obtain createntlm.inc in LAM project. Then you may use below functions to create hash.

/**
* Generates the LM hash of a password.
*
* @param string password original password
* @return string password hash
*/
function lmPassword($password) {
    $hash = new smbHash();
    return $hash->lmhash($password);
}
 
/**
* Generates the NT hash of a password.
*
* @param string password original password
* @return string password hash
*/
function ntPassword($password) {
    $hash = new smbHash();
    return $hash->nthash($password);
}

Above code is in account.inc so we can use it as follow.

if ($hash == lmPassword($password)) {
  print "pass";
} else {
  print "failed";
}

Tags: ldap, php