RE: ldap.passwd_s with Active Direcory

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

> -----Original Message-----
> From: Michael Ströder [mailto:mi...@st...]
> Sent: 06 August 2009 00:49
> To: Mike Peters
> Cc: pyt...@li...
> Subject: Re: ldap.passwd_s with Active Direcory
> 
> Mik...@op... wrote:
> > *** ldaps://ad01.demo.local:636 - SimpleLDAPObject.simple_bind
> ((u'user@ADDEMO', u'secret', None, None),{})
> 
> First of all you should not pass Unicode strings to python-ldap. That's
> not a
> problem for the actual values you used though in this example but in
> general
> up to now python-ldap only receives raw strings as arguments.

OK, thanks. I'll bear that in mind.

> 
> > In [4]: mod_attrs = [( ldap.MOD_REPLACE, 'unicodePwd',
> '"password"'.encode('utf-16-le') )]
> > In [5]: dn = 'CN=Barney Rubble,OU=Users,OU=ADDEMO,DC=demo,DC=local'
> >
> > In [6]: r = l.modify_s(dn, mod_attrs)*** ldaps://ad01.demo.local:636
> - SimpleLDAPObject.modify_ext (('CN=Barney
> Rubble,OU=Users,OU=ADDEMO,DC=demo,DC=local', [(2, 'unicodePwd',
> '"\x00p\x00a\x00s\x00s\x00w\x00o\x00r\x00d\x00"\x00')], None, None),{})
> 
> Unfortunately I can't tell whether
> user@ADDEMO and CN=Barney Rubble,OU=Users,OU=ADDEMO,DC=demo,DC=local
> are the same AD user entry.
> 
> I vaguely remember that when setting your own password you have to
> explicitly
> delete the old one and add the new one. Dig for the MSDN article.
> 

No, I'm using a different user. I've tried a couple of different users including Administrator in case it is user permissions. I've looked at the MSDN article and can't see anything in there different.

Thanks

Mike Peters