You are here

Change Luminis password programmatically

Submitted by vandresv on Thu, 10/20/2011 - 09:21


Hello, I'd like to contribute to the community with a small program I wrote based on the advises of a user in LumDev (Thank you Tbird!) and lots of google search. It is my first php program so dont expect a gem but it does works.
This program is called by a form html that provides the two variable that the user is asked to enter, the username that uses in Luminis and a personal password that it is already registered in Banner.

//Author: Andres Valdes 19-Oct-2011
//Goal: Reset Luminis Password and send new password to Personal Email
//Dependencies: PHP 5 module in Apache
// input.hml: HTML page with the Form fields. (it returns luminisid,emailpers)

//return true if a Banner ID it's found(pdsExernalSystem attribute)
//for the loginid provided by the user
//it returns false in any other condition.
function verify_luminisid($loginid) {
global $ldap_server;
global $banner_id;
global $attributes;
global $basedn;
global $filter;
global $uid;
global $dn;
global $ds;
global $banner_id;

$ds = ldap_connect($ldap_server);
if (!$ds) {
echo "No connect to LDAP
return false; //could not connect to LDAP Server
$r = ldap_bind($ds, "cn=Directory Manager", "managerpassword");
if (!$r) {
echo "No bind to LDAP
return false; //could not Bind to LDAP Server
$search = ldap_search($ds,$basedn,$filter,$attributes,0,0);

if (!$search) {
return false; //("Search failed\n");
} else {
$data = ldap_get_entries($ds,$search);
if ($data["count"]==0) {
return false;//not found
//get uid (immutable id)
//dn of the user id to modify;
//get ExternalSystemID from ldap
return true;
function generateRandomString() {
$length = 7;
$numbers = "0123456789";

$string = "";
//get upper case
for ($p = 0; $p $string .= $upper[mt_rand(0, strlen($upper))];
for ($p = 0; $p $string .= $lower[mt_rand(0, strlen($lower))];
for ($p = 0; $p $string .= $numbers[mt_rand(0, strlen($numbers))];

return $string;

function verify_email_personal($emailpersonal,$banner_id) {
global $oracleuser;
global $oraclepass;
global $tnsname;
$v_sql="select goremal_pidm from goremal ,spriden where goremal_pidm=spriden_pidm and spriden_change_ind is null and goremal_emal_code='PERS' and spriden_id='".$banner_id."' and goremal_email_address='".$emailpersonal."'";
$statement_id = oci_parse($ora_connection,$v_sql);
$row = oci_fetch_object($statement_id);
//free Resources

if (!$row) { return false; }
return true; //success: personal email matched banner ID.
function modify_ldap_password($password) {
global $ds;
global $dn;
$pass = make_ssha_password($password);
// echo "Nuevo password: $password"."

//Encode clear text password with SSHA encoding. Using random salt
//It is necesarry to write password in the LDAP userPassword attribute
function make_ssha_password($password){
$salt = pack("CCCC", mt_rand(), mt_rand(), mt_rand(), mt_rand());
$hash = "{SSHA}" . base64_encode(pack("H*", sha1($password . $salt)) . $salt);
return $hash;

//Send Email to user (personal email)
function send_mail($email_address,$password) {
$to = $email_address; $subject="Informacion de Acceso solicitado";
$body = "Your password has changed as requested.\nYour new password is ".$password;
if (mail($to,$subject,$body)) {
return true; //success
} else {
return false; //failure sending email
//Variables capture from POST method on Form page (input.html)

//Global variables

//php_user only needs the following privileges in Oracle:
//grant select on goremal; grant select on spriden, grant connect privilege.



if (verify_luminisid($loginid)) {
// Check if the PERS email on GOREMAL matches the one provided by user
if (verify_email_personal($emailpersonal,$banner_id)) {
// echo "Your email matched the one we have in record

//Generate Random String with 8 characters, Lower case, Upper Case and numbers
if (send_mail($emailpersonal,$password)) { echo "Mail was sent to ".$emailpersonal." with password information.
} else { echo "Problem sending Email.
} else {
echo "The email you provided does not match the one in our system
} else {
echo "There was a problem changing password


Luminis Version: