Okay, even using the code chunk from "the FAQ"(tm), trying to have a user
change their own password results in the error message:

  0000052D: AtrErr: DSID-03190F00, #1:
        0: 0000052D: DSID-03190F00, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)

from the $ldap->modify( changes=>{delete,add} ) operation. Have tried
numerous methods of encoding the password as unicode (which all end up with
the same result) as well as base64 encoding.

Strangely, if I use a "replace" operation instead of changes=>{delete,add},
it is accepted (tho I gotta bind as an admin user as well). Doesn't seem to
be a permission issue, as that would show up differently (such as using
"replace" without being an admin). What else could it be?


  use Net::LDAP;
  use Unicode::Map8;
  use Unicode::String qw(utf16);

  my $oldPW = "oldpasswd";
  my $newPW = "newpasswd";

  my $charmap = Unicode::Map8->new('latin1')  or  die;
  my $oldUniPW = $charmap->tou('"'.$oldPW.'"')->byteswap()->utf16();
  my $newUniPW = $charmap->tou('"'.$newPW.'"')->byteswap()->utf16();

  my $ldap = Net::LDAP->new('ldaps://adserver.company.com')  or  die "$@";

  my $mesg = $ldap->bind('cn=usertest,cn=Users,dc=company,dc=com',
                         password => "DJ_120bpm");

  $mesg = $ldap->modify('cn=usertest,cn=Users,dc=company,dc=com',
                        changes => [
                            delete => [ unicodePwd => $oldUniPW ],
                            add    => [ unicodePwd => $newUniPW ] ]);
  die("Unable to reset Active Directory password: ".$mesg->error)
       if ($mesg->error ne "Success");


-ericb
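
Added example, not part of the original post: a small Perl helper that decodes the leading Win32 code in an Active Directory diagnostic string like the one quoted above, and builds a unicodePwd value with the core Encode module. The function names and the three-entry code table are assumptions made for this illustration; the descriptions follow the Windows system error code list.

```perl
use strict;
use warnings;
use Encode qw(encode);

# AD expects unicodePwd as the password wrapped in double quotes,
# encoded as UTF-16LE with no byte-order mark.
sub ad_unicode_pwd {
    my ($plain) = @_;
    return encode('UTF-16LE', qq("$plain"));
}

# Win32 error codes that can lead the diagnostic text of a failed
# unicodePwd modify. Illustrative subset, not a complete list.
my %WIN32 = (
    0x05  => 'ERROR_ACCESS_DENIED: access is denied',
    0x56  => 'ERROR_INVALID_PASSWORD: the specified password is not correct',
    0x52D => 'ERROR_PASSWORD_RESTRICTION: new password does not meet the '
           . 'length, complexity, or history requirements of the domain',
);

# Pull the leading 8-hex-digit code and the DSID out of the server text.
sub explain_ad_error {
    my ($text) = @_;
    my ($hex, $dsid) =
        $text =~ /\b([0-9A-Fa-f]{8}):\s*\w+:\s*(DSID-[0-9A-Fa-f]+)/
        or return 'no Win32 code found in server message';
    my $code = hex $hex;
    my $why  = $WIN32{$code} // 'code not in this table';
    return sprintf('0x%X (%d) at %s: %s', $code, $code, $dsid, $why);
}

# The message quoted in the post, rejoined onto one line.
my $server_text = '0000052D: AtrErr: DSID-03190F00, #1: 0: 0000052D: '
    . 'DSID-03190F00, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, '
    . 'Att 9005a (unicodePwd)';
print explain_ad_error($server_text), "\n";

# Hex dump of the encoded placeholder password from the post, for
# comparison with the bytes a script actually sends.
print unpack('H*', ad_unicode_pwd('newpasswd')), "\n";
```

With Net::LDAP the same text is available from $mesg->error after the modify, so explain_ad_error($mesg->error) can be logged in place of the raw string.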
