From: Fergus D. <Fer...@dc...> - 2001-10-23 10:47:54
|
Hi Jim, Thanks for that - I got the code and will have a look at it later today. Yes, I am stuck using NDS 8 (NW 5.1) and not eDirectory (nothing I can do about this one), so hence the delete/replace. The code snippit is done using an authenticated bind and fails even though the LDIF change works. I will still run into the problems you mention with password expiry etc. but am curious as to why the LDIF worked and the perl-ldap given didn't? From watching traffic on the wire, the ldapmodify sent very different information to the perl-ldap code (which didn't seem to send the pattern "oldpass"). Can someone tell me what I'm doing differently from the LDIF? Thanks, Fergus. Jim Harle wrote: > > There are a few issues here. In earler versions of NDS (before > eDirectory), it was necessary to delete and add, newer versions can /? > need to use replace. Second, are you sure you sure you did an > authenticated bind with the user's DN and password? It won't work with an > anonymous bind. Third, we found that NDS doesn't automatically update > loginGraceRemaining and passwordExpirationTime so we needed to do a bind > with an admin DN and password to make that happen. I will send you code > off-list. > --Jim Harle > > On Fri, 19 Oct 2001 ma...@mj... wrote: > > > You don't have to delete the password first. You should just be able > > to do a replace. > > > > So try something like: > > $ldap->modify($dn,replace => { 'userpassword' => 'newpass' }); > > > > Mark > > > > On 19 Oct 01, at 9:49, Fergus Donohue wrote: > > > > > Hi all, > > > > > > Question for ye about a user changing their password in NDS (using > > > LDAP of course). The following ldif run with ldapmodify -h ldap.svr -D > > > "cn=fdtest,ou=staff,o=org" -w oldpass -f chpass.ldif lets the user > > > fdtest change their password. > > > > > > dn: cn=fdtest,ou=Staff,o=ORG > > > changetype: modify > > > delete: userPassword > > > userPassword: oldpass > > > - > > > replace: userPassword > > > userPassword: newpass > > > - > > > > > > I'm trying in vain to get perl-ldap to do the same, can anyone tell me > > > where I'm going wrong? This is what I've got at the moment (after a > > > successful bind) and I get an LDAP error 53 (Server unwilling to > > > perform), which I assume is to do with perl-ldap not sending the same > > > request as ldapmodify. > > > > > > $result = $ldap->modify($dn, > > > changes => [ > > > delete => [ userPassword => "$oldpass" ], > > > replace => [ userPassword => "$newpass" ] > > > ] > > > ); > > > > > > Anyone any ideas? > > > Thanks, > > > Fergus. > > > > > > > > > > > > > > > Mark Wilcox > > ma...@mj... > > Got LDAP? > > |