Re: ldap.passwd_s with Active Direcory

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Mik...@op... wrote:
> *** ldaps://ad01.demo.local:636 - SimpleLDAPObject.simple_bind ((u'user@ADDEMO', u'secret', None, None),{})

First of all you should not pass Unicode strings to python-ldap. That's not a
problem for the actual values you used though in this example but in general
up to now python-ldap only receives raw strings as arguments.

> In [4]: mod_attrs = [( ldap.MOD_REPLACE, 'unicodePwd', '"password"'.encode('utf-16-le') )]
> In [5]: dn = 'CN=Barney Rubble,OU=Users,OU=ADDEMO,DC=demo,DC=local'
> 
> In [6]: r = l.modify_s(dn, mod_attrs)*** ldaps://ad01.demo.local:636 - SimpleLDAPObject.modify_ext (('CN=Barney Rubble,OU=Users,OU=ADDEMO,DC=demo,DC=local', [(2, 'unicodePwd', '"\x00p\x00a\x00s\x00s\x00w\x00o\x00r\x00d\x00"\x00')], None, None),{})

Unfortunately I can't tell whether
user@ADDEMO and CN=Barney Rubble,OU=Users,OU=ADDEMO,DC=demo,DC=local
are the same AD user entry.

I vaguely remember that when setting your own password you have to explicitly
delete the old one and add the new one. Dig for the MSDN article.

Ciao, Michael.