Maddeningly, the following code fragment ends by reporting an LDAP
status of "Success" yet doesn't actually reset the password.

The bound LDAP server is an MS Windows 2003 R2 Service Pack 2 Active
Directory server. I've been googling for help but finding no definitive
answer. I've also studied the man page for ldap_modify, and especially
the comments there.

Substituting 'unicodepwd' for 'userpassword' triggers an LDAP error
code of 'Server is unwilling to perform'.

The connect and bind are working fine, and a simple search is yielding
correct results. I'm using PHP 5.2.11.

It has been suggested that switching to LDAPS will solve the problem,
but I have 3rd party software that sets the password without a secure
LDAP connection, so I know this is possible without LDAPS.

Here's the code:

$dn = "cn=ttest,OU=people,DC=institution,DC=tld";
$ds = <a valid LDAP connection resource>;
//
// Make up a new password
//
$pwdtxt = 'Prefix' . (rand(1000,9999));
//
// Convert the password to Unicode
//
$newPassword = "\"" . $pwdtxt . "\"";
$len = strlen($newPassword);
$newPassw = "";
for ($i = 0; $i < $len; $i++) {
    $newPassw .= "{$newPassword{$i}}\000";
}
//
// set the new passwd in the Active Directory
//
$n['userpassword'] = $newPassw;
$result = ldap_modify($ds, $dn, $n);
if ($result) {
    logger('LDAP status: ' . ldap_error($ds));
}
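
Added example, not part of the original post and not the poster's code: Active Directory documents unicodePwd as the attribute that sets a password, taking the new password in double quotes encoded as UTF-16LE and accepting the write only on an encrypted connection, so this version performs the reset over StartTLS and checks the result of every call. The host URI, the DNs and the function names are hypothetical, and random_int() assumes PHP 7 or later.

```php
<?php
// Added example, not the poster's code. Host, DNs and function names are
// hypothetical; random_int() assumes PHP 7 or later.

// unicodePwd value: the password in double quotes, encoded as UTF-16LE.
// iconv() also handles non-ASCII characters, which appending "\000" to
// each byte does not.
function ad_encode_unicode_pwd($plainUtf8)
{
    $encoded = iconv('UTF-8', 'UTF-16LE', '"' . $plainUtf8 . '"');
    if ($encoded === false) {
        throw new InvalidArgumentException('Password is not valid UTF-8');
    }
    return $encoded;
}

// Random password from a CSPRNG instead of rand(): 'Prefix' plus four
// digits leaves only 9000 candidates.
function generate_password($length = 16)
{
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789';
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    return $out;
}

// Administrative reset over StartTLS; throws instead of reporting success
// when any step fails.
// e.g. ad_reset_password('ldap://dc.example.test', $adminDn, $adminPw, $dn, generate_password());
function ad_reset_password($host, $bindDn, $bindPw, $userDn, $newPlain)
{
    $ds = ldap_connect($host);
    if (!$ds) {
        throw new RuntimeException('Invalid LDAP URI');
    }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
    if (!@ldap_start_tls($ds) || !@ldap_bind($ds, $bindDn, $bindPw)) {
        throw new RuntimeException('TLS or bind failed: ' . ldap_error($ds));
    }
    $entry = array('unicodePwd' => ad_encode_unicode_pwd($newPlain));
    if (!@ldap_mod_replace($ds, $userDn, $entry)) {
        throw new RuntimeException('Reset failed: ' . ldap_error($ds));
    }
    ldap_unbind($ds);
    return true;
}
```

StartTLS only succeeds if the PHP host trusts the certificate presented by the domain controller, and a generated password can still be rejected by the domain's complexity policy, in which case ldap_mod_replace() fails and the exception carries the server's error text.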