From: <mi...@st...> - 2007-11-08 18:02:46
David Leonard wrote:
>
> As far as I understand it, the unicodePwd attribute is the NT hash of
> the user's password.

I don't think so when setting it. Maybe it contains the NT hash afterwards, but conversion is probably done internally.

http://support.microsoft.com/kb/269190

It seems you need to combine ldap.MOD_DELETE with old password and ldap.MOD_ADD with new password when setting unicodePwd yourself and ldap.MOD_REPLACE when setting it for another account. Additionally you have to use quotes around it. And furthermore it has to be UTF-16-encoded (low endian).

MS docs are usually poorly written.

> Also, you may want to look at using SASL/GSSAPI/Kerberos to bind to AD's
> LDAP. It should be a lot easier to manage than SSL certs.

The SSL certs are not used to bind to AD in this case. Rather they are just used to connect over SSL (ldaps://).

Ciao, Michael.
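
The quoting, encoding and modify operations described in the message above, as an added example that is not part of the original post or of python-ldap itself. The helper names, the sample host and the sample passwords are hypothetical; the three constants mirror the values of ldap.MOD_ADD, ldap.MOD_DELETE and ldap.MOD_REPLACE so the block runs without the library, and the ldaps:// guard is an assumed client-side policy.

```python
# Added illustration: builds the modification lists for an AD unicodePwd change.
# Constants mirror python-ldap's ldap.MOD_ADD / MOD_DELETE / MOD_REPLACE values.
MOD_ADD, MOD_DELETE, MOD_REPLACE = 0, 1, 2


def encode_unicode_pwd(password: str) -> bytes:
    """Wrap the password in double quotes and encode it as UTF-16 little endian.

    'utf-16-le' is used on purpose: plain 'utf-16' prepends a byte order mark,
    which would become part of the value sent to the server.
    """
    if not password:
        raise ValueError("empty password")
    return ('"' + password + '"').encode("utf-16-le")


def change_own_password(old: str, new: str) -> list:
    """User changing their own password: delete the old value, add the new one."""
    return [
        (MOD_DELETE, "unicodePwd", [encode_unicode_pwd(old)]),
        (MOD_ADD, "unicodePwd", [encode_unicode_pwd(new)]),
    ]


def reset_other_password(new: str) -> list:
    """Setting the password of another account: a single replace."""
    return [(MOD_REPLACE, "unicodePwd", [encode_unicode_pwd(new)])]


def require_ldaps(uri: str) -> str:
    """Assumed policy: refuse to proceed unless the URI uses ldaps://."""
    if not uri.lower().startswith("ldaps://"):
        raise ValueError("password modification requires an ldaps:// connection")
    return uri


if __name__ == "__main__":
    # Constructed sample values, not real credentials or hosts.
    uri = require_ldaps("ldaps://dc.example.test")
    for op, attr, values in change_own_password("OldPass1!", "NewPass2!"):
        print(op, attr, values[0].hex())
    # With python-ldap the list is passed on as: conn.modify_s(user_dn, mods)
```
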