From: <mi...@st...> - 2007-11-09 09:35:40
Geert Jansen wrote:
>
> Forget about using LDAP to change a user's password. It can be done but
> it requires 128-bit SSL and so you need to set up certificate services
> and distribute the CA certificate to your client. An easier way is to
> use the Kerberos Set Password protocol (RFC3244). MIT Kerberos 1.3 and
> later support this protocol. Unfortunately there is no command-line
> interface to this call so you need to create a Python extension module
> for wrapping this call.
>
> My (in progress) project FreeADI contains a wrapper for the Set Password
> call. See the file "/trunk/freeadi/core/_krb5.c" on my Trac page at
> freeadi.org. The code is available under the liberal MIT license.

If you're already on that route you might be interested in the
heimdal-wrapper module by Univention. Its license is GPL. Not sure
whether they support the Set Password protocol though.

Ciao, Michael.