Hi Randy,
My apologies for not getting back to you sooner. Here is a crude
example of the code I used to create/modify a password using Python
LDAP. The trick to modifying the password is encoding in unicode. I
am still trying to find my bookmark to a discussion board that
explains how this works. Once I find it I will post it here as well.
Unfortunately I have not had anytime over the past few months to work
on my code so I do not have a whole lot more that I can give you at
the moment. I plan to begin work again this fall and any changes or
advancements I make I will be sure to post. If you find a better way
to achieve AD account manipulation please let me know.
Thanks,
Mike
import ldap
import ldap.modlist as modlist
server = "ldaps://jebediah.springfield.org:636"
who = "[EMAIL PROTECTED]"
cred = "password"
path = "ou=Students,ou=Accounts,dc=springfield,dc=org"
keyword = "simpson"
dn = 'cn=jjones,ou=Accounts,dc=springfield,dc=org'
attrs = {}
attrs['objectclass'] = ['top', 'person', 'organizationalPerson','user']
attrs['cn'] = 'jjones'
attrs['userPassword'] = 'jimbo'
attrs['userPrincipalName'] = 'jjones'
attrs['sAMAccountName'] = 'jjones'
attrs['givenName'] = 'Jimbo'
attrs['sn'] = 'Jones'
attrs['DisplayName'] = 'Jimbo Jones'
attrs['description'] = 'A brief description'
attrs['userAccountControl'] = '512'
password = "jimbo"
password_attr = "unicodePwd"
unicode1 = unicode("\"" + password + "\"", "iso-8859-1")
unicode2 = unicode1.encode("utf-16-le")
password_value = unicode2
mods = [(ldap.MOD_REPLACE, password_attr, [password_value])]
ldif = modlist.addModlist(attrs)
l = ldap.initialize(server)
l.simple_bind_s(who, cred)
l.add_s(dn, ldif)
l.modify(dn, mods)
l.unbind_s()
On Sep 2, 2008, at 6:27 PM, <[EMAIL PROTECTED]> <[EMAIL PROTECTED]
> wrote:
> On 8/30/08, Michael Ströder <[EMAIL PROTECTED]> wrote:
>> Randy wrote:
>>> Mike (or anyone else who has successfully changed an Active
>>> Directory
>>> password using python-ldap over SSL),
>>>
>>> I have not found an update in the archives to your last message on
>>> this subject (below). Can you perhaps share some Python code
>>> showing
>>> how to add or change the password for an Active Directory user via
>>> LDAP over SSL?
>>
>> Recent web2ldap changes unicodePwd in AD. You could set
>> trace_level=2 in
>> etc/web2ldap/web2ldapcnf/misc.py to see what's passed to python-ldap.
>>
>> For the SSL part see Demo/initialize.py in python-ldap's source
>> distribution. Off course you have to check back with your admin
>> whether
>> SSL is enabled in your AD DCs and which CA cert to install on the
>> client
>> side.
>>
>> Ciao, Michael.
>>
>
> Thanks for the quick reply Michael.
>
> I installed web2ldap 0.16.41, but have not been able to connect via
> SSL and Bind to my Active Directory test machine (running Microsoft's
> ADAM server on WinXP, which I have successfully
> connected/authenticated with over SSL using MS's ldp.exe utility). I
> am not completely sure I need to do a simple bind, in order to change
> a user password in Active Directory, when I have both the old and new
> passwords, given the other comments by Mike in this thread.
>
> Does web2ldap have a public SVN or CVS repository where I might view
> the changes that allow web2ldap to change the unicodePwd in AD, and
> hence get some hint as to where in the code this magic is happening?
>
> This task may be easy for someone with LDAP experience, but I have
> virtually no experience with LDAP (or AD either).
>
> Thanks again,
>
> - Randy
>
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's
> challenge
> Build the coolest Linux based applications with Moblin SDK & win
> great prizes
> Grand prize is a trip for two to an Open Source event anywhere in
> the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> _______________________________________________
> Python-LDAP-dev mailing list
> Python-LDAP-dev@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Python-LDAP-dev mailing list
Python-LDAP-dev@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
