Change passwords in Active Directory

Sun, 25 Nov 2007 11:29:12 -0800 

Hi,
        I'm trying to change a user's password in AD 2003 using the C LDAP SDK,
and running into a bit of a brick wall (which I'm more than willing to
accept is simply because of my own limited knowledge :) ).

I've translated the code here into Mozilla-ese:

http://support.microsoft.com/?kbid=269190

While my test app can successfully connect to AD both anonymously and
with simple binding, and over SSL, both the "delete then re-create" and
"replace" versions of the routine are (I believe) falling foul of
security restrictions on the directory server.

I've disabled password complexity requirements in AD, so that isn't
it. :)

The errors I'm getting are "Constraint violation", and (most recently)
"DSA is unwilling to perform".  I would expect these if I didn't connect
over SSL, but I'm getting them when using SSL as well.

It's probably down to this snippet from the above link:

> In order to modify this attribute, the client must have a 128-bit
> Secure Socket Layer (SSL) connection to the server. For this
> connection to be possible, the server must possess a server
> certificate for a 128-bit RSA connection, the client must trust the
> certificate authority (CA) that generated the server certificate, and
> both client and server must be capable of 128-bit encryption.

How can I ensure that this is the case?  Any other ideas?

Regards
-- 
Philip Allison
Developer, SmoothWall Ltd

Email: [EMAIL PROTECTED]

SmoothWall Limited
1 John Charles Way
Leeds LS12 6QA
United Kingdom

Phone: 1 800 959 3760     (USA, Canada and North America)
       0870 1 999 500     (United Kingdom)
       +44 870 1 999 500  (all other countries)
Fax:   +44 870 1 991 399

Web: http://www.smoothwall.net/
SmoothWall Limited is registered in England, Company Number: 4298247

This email and any attachments transmitted with it are confidential
to the intended recipient(s) and may not be communicated to any
other person or published by any means without the permission of
SmoothWall Limited.  Any opinions stated in this message are solely
those of the author.  See: http://smoothwall.net/company/email.php
for the full text of this notice.

_______________________________________________
dev-tech-ldap mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-ldap

Reply via email to