Re: Changing passwords in Active Directory

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

On 11/12/02 12:34 am, Eric Stokes <eri...@cs...> wrote:

> Hello Gentlemen. I'm trying set a password in Active Directory via
> Net::LDAP. I've been running into trouble for a while now. I've read
> both your posts on the subject, and have tried your solutions. Needless
> to say, neither of them worked for me.
> 
> Here is the code I am currently trying. Christopher Bongaarts's method
> yielded the same result.
> ...
> sub MakeUnicodePwd # from Norbert Klasen's post
> {
>    my $u = latin1("\"".$_[0]."\"");
>    $u->byteswap();
>    return $u->ucs2;
> }
> my $pass = MakeUnicodePwd("passw0rd1");
> $result = $ldaps -> modify($dn, replace => [unicodePwd => $pass]);
> print $result -> code()."\n";
> print $result -> error()."\n";
> 
> The error I get is
> 
> 19
> 00002081: AtrErr: DSID-031D0AA0, #1:
>        0: 00002081: DSID-031D0AA0, problem 1005 (CONSTRAINT_ATT_TYPE),
> data 0, Att 9005a (unicodePwd)
> 
> Constraint violation? Possibly my data is not in the right format? I

Maybe, but there are more appropriate errors to return in that case (eg
invalidAttributeSyntax).

Is there a password policy set in the directory somewhere which your
passwords aren't complying with?

Are you binding as v3? The semantics of replace are (subtly!) different in
LDAPv2.

A longer shot this - is unicodePwd single- or multi-valued, and does it
contain a password before your code is run? I've seen constraint violations
returned (from other directories) when trying to add multiple values to a
single-valued attribute. I know "replace" is meant to cope with all that
but...

Cheers,

Chris