Hi Eric,
unicodepwd is a pretty unique attribute.

1. Can't read it (makes sense)
2. Can't modify it.
3. An Add does work (just an add, no delete)

Also the LDAP connection MUST be SSL.  Active Directory will not accept
password changes over insecure connections.
Hope this helps.
Eric

On Wed, June 21, 2006 11:43 am, Eric Anderson wrote:
> I have been scratching my head on trying to change an ActiveDirectory
> password via Net::LDAP for a couple of hours so I figured I would see if
> someone on this list can help me.
>
> My knowledge of LDAP and ActiveDirectory is virtually zero. I am just
> hoping to take the example from the FAQ and fit it to my environment but
> I must be missing something.
>
> One issue I am confused with is the distinguished name. I know it has to
> uniquely identify a record in the database but not knowing much about
> ActiveDirectory or LDAP I am not sure what to use. From the examples I
> have seen my best guess is:
>
> $dn = 'CN=SWestbrook,DN=mycompany,DN=com';
>
> I.E. the common name would be the Active Directory username and the DN
> would be the domain with each part of the domain being split. But when I
> try to connect with some code like this:
>
> my $ldap = Net::LDAP->new("ldaps://$host") or die("$@");
> my $mesg = $ldap->bind($dn, password => $oldPW);
> die("Bind Error: ".$mesg->error_text) if $mesg->is_error;
>
> I get the following:
>
> Bind Error: The wrong password was supplied or the SASL credentials
> could not be processed
>
> After some tweaking I found out that I can pass the userPrincipalName
> (email address) instead. I gave that a try and I am able to successfully
> login. Now my task is to change the password. So I do the Unicode
> conversion on the passwords as the FAQ states:
>
> my $charmap = Unicode::Map8->new('latin1') or die("$@");
> my $oldUniPW = $charmap->tou('"'.$oldPW.'"')->byteswap()->utf16();
> my $newUniPW = $charmap->tou('"'.$newPW.'"')->byteswap()->utf16();
>
> Finally I attempt to actually change the password with the following code:
>
> $mesg = $ldap->modify($dn, changes => [
>       delete  => [ unicodePwd => $oldUniPW ],
>       add     => [ unicodePwd => $newUniPW ],
> ]);
> die("Modify Error: ".$mesg->error_text) if $mesg->is_error;
>
> When this statement executes I get the following:
>
> Modify Error: The server cannot find an object specified in the request
>
> So I am guessing the reason I cannot login with the DN or change the
> record is that I have the wrong DN. But I am not sure what I am supposed
> to use.
>
> Any help would be greatly appreciated,
>
> Eric
>
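
The Unicode conversion quoted from the FAQ and the SSL requirement from the reply, as an added example that is not part of either message or of the Net::LDAP FAQ. It builds the unicodePwd value with Perl's core Encode module and contacts no directory. The host name and password are constructed, and treating only ldaps:// URIs as acceptable is an assumption of this example.

```perl
#!/usr/bin/perl
# Added example: builds the unicodePwd value offline; no directory is contacted.
use strict;
use warnings;
use Encode qw(encode);

# unicodePwd carries the password wrapped in double quotes and encoded as
# UTF-16 little-endian, which is what tou()->byteswap()->utf16() yields for
# Latin-1 input. Encode also covers characters outside Latin-1.
sub ad_unicode_pwd {
    my ($password) = @_;
    die "empty password\n" unless defined $password && length $password;
    my $quoted = qq("$password");
    # FB_CROAK dies on unencodable input; LEAVE_SRC keeps $quoted intact.
    return encode('UTF-16LE', $quoted,
                  Encode::FB_CROAK() | Encode::LEAVE_SRC());
}

# Assumption of this example: only ldaps:// counts as a secure transport
# (StartTLS on ldap:// is not handled). The value built above is merely an
# encoding of the clear-text password, not a hash.
sub require_ldaps {
    my ($uri) = @_;
    die "refusing to send a password over '$uri'\n"
        unless $uri =~ m{^ldaps://[^/\s]+}i;
    return $uri;
}

# Constructed sample values.
my $uri    = require_ldaps('ldaps://dc1.example.com');
my $new_pw = "N\x{e9}w-Pa\x{20ac}s!";   # U+20AC is outside Latin-1
my $value  = ad_unicode_pwd($new_pw);

printf "%s\n%d bytes: %s\n", $uri, length($value), unpack('H*', $value);

# The first and last code units are the quote character, low byte first.
die "bad framing\n"
    unless substr($value, 0, 2) eq "\x22\x00"
        && substr($value, -2)   eq "\x22\x00";

# A plain ldap:// URI is rejected before anything is sent.
my $ok = eval { require_ldaps('ldap://dc1.example.com'); 1 };
print "ldap:// rejected\n" unless $ok;
```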
