Net::LDAP folk!
I am trying to see if I can set Active Directory passwords via LDAP. Of
course, Microsoft do it their own way, but they document it at
http://support.microsoft.com/support/kb/articles/Q269/1/90.ASP
It boils down to, you delete your old unicodePwd attribute, including your old
password as a BER encoded string. Then you add a new unicodePwd attribute,
with the new password as a BER encoded string.
Cute.
But not for me:

    [...]
    my $entry = Net::LDAP::Entry->new();
    my $opass_ber = new Convert::BER;
    my $npass_ber = new Convert::BER;
    $opass_ber->encode(STRING=>"\"$opass\"",);
    $npass_ber->encode(STRING=>"\"$npass\"",);
    $entry->dn("cn=$user,$ldap_base");
    $entry->delete('unicodePwd' => $opass);
    $entry->add('unicodePwd' => $npass);
    my $return = $entry->update( $conn );
    if( $return->done ) { die "return: " . $return->error . "\n"; }

    1-17:51 dannyman@noneedto ~> bin/adpasswd bobo zzzzzzzz bo69
    Can't use string ("zzzzzzzz") as an ARRAY ref while "strict refs" in use at /usr/local/lib/perl5/site_perl/5.005/Net/LDAP/Entry.pm line 179.

I'm not understanding quite how LDAP works at such a low level, my GUESS
is that the delete() function of Net::LDAP::Entry does not support
passing a value.
Comparing the delete() and add() subroutines in Entry.pm, it looks like
the delete() function looks much like add() except that it adds a few
checks ... what these checks are, I do not grok, but the evil line is
the last in this paragraph:

    if (defined($val) and (!ref($val) or @$val)) {
    my %values;
    @values{@$val} = ();

My curiosity is that, is there a simple way to tell delete() to support
specifying the value of the attribute to delete, and is this what I
really want? :)
Thanks,
-danny
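
The change the post describes (delete the old unicodePwd value, add the new one in the same request), as an added example; it is not the poster's script or Net::LDAP's own code. It assumes the value AD wants is the double-quoted password encoded as UTF-16LE, that Net::LDAP does the BER encoding on the wire itself, and that $ldap is an already-bound Net::LDAP object on an encrypted connection; the helper names are hypothetical.

```perl
#!/usr/bin/perl
# Added example: helper names are hypothetical, passwords are constructed.
use strict;
use warnings;
use Encode qw(encode);

# Assumption: AD takes unicodePwd as the password wrapped in double quotes
# and encoded as UTF-16LE. Net::LDAP BER-encodes attribute values itself,
# so there is no Convert::BER step here.
sub ad_password_value {
    my ($password) = @_;
    return encode('UTF-16LE', qq{"$password"});
}

# Build the 'changes' list for Net::LDAP->modify: delete the old value and
# add the new one in a single modify request. Values are passed as array
# refs, which is what the "as an ARRAY ref" error in the post points at.
sub password_change_ops {
    my ($old, $new) = @_;
    return [
        delete => [ unicodePwd => [ ad_password_value($old) ] ],
        add    => [ unicodePwd => [ ad_password_value($new) ] ],
    ];
}

# $ldap: an already-bound Net::LDAP object on an encrypted connection
# (assumption; nothing in this file opens one).
sub change_ad_password {
    my ($ldap, $dn, $old, $new) = @_;
    my $mesg = $ldap->modify($dn, changes => password_change_ops($old, $new));
    die 'modify failed: ' . $mesg->error . "\n" if $mesg->code;
    return 1;
}

# Offline run with constructed passwords: print the bytes of each value.
unless (caller) {
    my $ops = password_change_ops('constructed-old', 'constructed-new');
    for (my $i = 0; $i < @$ops; $i += 2) {
        my ($op, $spec) = @{$ops}[$i, $i + 1];
        printf "%-6s %s = %s\n", $op, $spec->[0], unpack('H*', $spec->[1][0]);
    }
}
```

Run on its own, the script only prints the two encoded values in hex; change_ad_password() is the part that talks to a directory and needs a live connection.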