Hi Randy, My apologies for not getting back to you sooner. Here is a crude example of the code I used to create/modify a password using Python LDAP. The trick to modifying the password is encoding in unicode. I am still trying to find my bookmark to a discussion board that explains how this works. Once I find it I will post it here as well. Unfortunately I have not had anytime over the past few months to work on my code so I do not have a whole lot more that I can give you at the moment. I plan to begin work again this fall and any changes or advancements I make I will be sure to post. If you find a better way to achieve AD account manipulation please let me know. Thanks, Mike
import ldap import ldap.modlist as modlist server = "ldaps://jebediah.springfield.org:636" who = "[EMAIL PROTECTED]" cred = "password" path = "ou=Students,ou=Accounts,dc=springfield,dc=org" keyword = "simpson" dn = 'cn=jjones,ou=Accounts,dc=springfield,dc=org' attrs = {} attrs['objectclass'] = ['top', 'person', 'organizationalPerson','user'] attrs['cn'] = 'jjones' attrs['userPassword'] = 'jimbo' attrs['userPrincipalName'] = 'jjones' attrs['sAMAccountName'] = 'jjones' attrs['givenName'] = 'Jimbo' attrs['sn'] = 'Jones' attrs['DisplayName'] = 'Jimbo Jones' attrs['description'] = 'A brief description' attrs['userAccountControl'] = '512' password = "jimbo" password_attr = "unicodePwd" unicode1 = unicode("\"" + password + "\"", "iso-8859-1") unicode2 = unicode1.encode("utf-16-le") password_value = unicode2 mods = [(ldap.MOD_REPLACE, password_attr, [password_value])] ldif = modlist.addModlist(attrs) l = ldap.initialize(server) l.simple_bind_s(who, cred) l.add_s(dn, ldif) l.modify(dn, mods) l.unbind_s() On Sep 2, 2008, at 6:27 PM, <[EMAIL PROTECTED]> <[EMAIL PROTECTED] > wrote: > On 8/30/08, Michael Ströder <[EMAIL PROTECTED]> wrote: >> Randy wrote: >>> Mike (or anyone else who has successfully changed an Active >>> Directory >>> password using python-ldap over SSL), >>> >>> I have not found an update in the archives to your last message on >>> this subject (below). Can you perhaps share some Python code >>> showing >>> how to add or change the password for an Active Directory user via >>> LDAP over SSL? >> >> Recent web2ldap changes unicodePwd in AD. You could set >> trace_level=2 in >> etc/web2ldap/web2ldapcnf/misc.py to see what's passed to python-ldap. >> >> For the SSL part see Demo/initialize.py in python-ldap's source >> distribution. Off course you have to check back with your admin >> whether >> SSL is enabled in your AD DCs and which CA cert to install on the >> client >> side. >> >> Ciao, Michael. >> > > Thanks for the quick reply Michael. > > I installed web2ldap 0.16.41, but have not been able to connect via > SSL and Bind to my Active Directory test machine (running Microsoft's > ADAM server on WinXP, which I have successfully > connected/authenticated with over SSL using MS's ldp.exe utility). I > am not completely sure I need to do a simple bind, in order to change > a user password in Active Directory, when I have both the old and new > passwords, given the other comments by Mike in this thread. > > Does web2ldap have a public SVN or CVS repository where I might view > the changes that allow web2ldap to change the unicodePwd in AD, and > hence get some hint as to where in the code this magic is happening? > > This task may be easy for someone with LDAP experience, but I have > virtually no experience with LDAP (or AD either). > > Thanks again, > > - Randy > > ------------------------------------------------------------------------- > This SF.Net email is sponsored by the Moblin Your Move Developer's > challenge > Build the coolest Linux based applications with Moblin SDK & win > great prizes > Grand prize is a trip for two to an Open Source event anywhere in > the world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > _______________________________________________ > Python-LDAP-dev mailing list > Python-LDAP-dev@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/python-ldap-dev ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev