Eric Nichols wrote:
Hi Eric,
unicodepwd is a pretty unique attribute.
1. Can't read it (makes sense)
2. Can't modify it.
3. An Add does work (just an add, no delete)
Also the LDAP connection MUST be SSL. Active Directory will not accept
password changes over insecure connections.
About SSL LDAP connections to AD, I've written a doc, but it's in French!
http://www.int-evry.fr/s2ia/user/procacci/Doc/ldaps-ad/ldaps-ad.html
However, you'll find links in that doc,
most notably this one:
http://support.microsoft.com/default.aspx?scid=kb;en-us;321051
Hope this helps.
Eric
On Wed, June 21, 2006 11:43 am, Eric Anderson wrote:
I have been scratching my head on trying to change an ActiveDirectory
password via Net::LDAP for a couple of hours so I figured I would see if
someone on this list can help me.
My knowledge of LDAP and ActiveDirectory is virtually zero. I am just
hoping to take the example from the FAQ and fit it to my environment but
I must be missing something.
One issue I am confused with is the distinguished name. I know it has to
uniquely identify a record in the database but not knowing much about
ActiveDirectory or LDAP I am not sure what to use. From the examples I
have seen my best guess is:
$dn = 'CN=SWestbrook,DN=mycompany,DN=com';
I.e. the common name would be the Active Directory username and the DN
would be the domain with each part of the domain being split. But when I
try to connect with some code like this:
my $ldap = Net::LDAP->new("ldaps://$host") or die("$@");
my $mesg = $ldap->bind($dn, password => $oldPW);
die("Bind Error: ".$mesg->error_text) if $mesg->is_error;
I get the following:
Bind Error: The wrong password was supplied or the SASL credentials
could not be processed
After some tweaking I found out that I can pass the userPrincipalName
(email address) instead. I gave that a try and I am able to successfully
login. Now my task is to change the password. So I do the Unicode
conversion on the passwords as the FAQ states:
my $charmap = Unicode::Map8->new('latin1') or die("$@");
my $oldUniPW = $charmap->tou('"'.$oldPW.'"')->byteswap()->utf16();
my $newUniPW = $charmap->tou('"'.$newPW.'"')->byteswap()->utf16();
Finally I attempt to actually change the password with the following code:
$mesg = $ldap->modify($dn, changes => [
    delete => [ unicodePwd => $oldUniPW ],
    add    => [ unicodePwd => $newUniPW ],
]);
die("Modify Error: ".$mesg->error_text) if $mesg->is_error;
When this statement executes I get the following:
Modify Error: The server cannot find an object specified in the request
So I am guessing the reason I cannot login with the DN or change the
record is that I have the wrong DN. But I am not sure what I am supposed
to use.
Any help would be greatly appreciated,
Eric
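Putting the pieces of this thread together (LDAPS only, quoted password encoded as UTF-16LE, bind with the userPrincipalName), here is a small Net::LDAP script added as an illustration. It is not code from either Eric or from the Net::LDAP project. Rather than guessing the user's DN, it looks the DN up from the userPrincipalName with a search; the hostname, base DN, UPN, passwords and CA file path are placeholders, and the delete-old/add-new modify is the user-initiated change form from the Net::LDAP FAQ that the original post follows.

```perl
#!/usr/bin/perl
# Added example (not from either poster): change an AD user's password
# with Net::LDAP. The host, base DN, UPN, passwords and CA file are placeholders.
use strict;
use warnings;
use Encode qw(encode);
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# AD expects unicodePwd as the password wrapped in double quotes and
# encoded as UTF-16LE. Doing quoting and encoding in one place avoids the
# easy mistake of sending an unquoted or wrongly byte-ordered value.
sub unicode_pwd {
    my ($plain) = @_;
    return encode('UTF-16LE', '"' . $plain . '"');
}

# Look the user's DN up from the userPrincipalName instead of guessing it.
sub dn_for_upn {
    my ($ldap, $base, $upn) = @_;
    my $res = $ldap->search(
        base   => $base,
        scope  => 'sub',
        filter => '(userPrincipalName=' . escape_filter_value($upn) . ')',
        attrs  => ['distinguishedName'],
    );
    die 'search: ' . $res->error if $res->code;
    my ($entry) = $res->entries;
    die "no entry found for $upn" unless $entry;
    return $entry->dn;
}

my $host   = 'dc01.example.com';            # placeholder
my $base   = 'DC=example,DC=com';           # placeholder
my $cafile = '/etc/ssl/certs/corp-ca.pem';  # placeholder: CA that issued the DC's certificate
my $upn    = 'swestbrook@example.com';      # placeholder
my $old_pw = 'OldPassw0rd!';                # placeholder
my $new_pw = 'NewPassw0rd!';                # placeholder

# LDAPS only: AD rejects unicodePwd changes over a cleartext connection, and
# verify => 'require' makes the client check the DC's certificate chain
# against the given CA, so the password is not handed to an impostor DC.
my $ldap = Net::LDAP->new("ldaps://$host", verify => 'require', cafile => $cafile)
    or die "connect: $@";

# Bind as the user with the UPN (the form the original post found to work).
my $mesg = $ldap->bind($upn, password => $old_pw);
die 'bind: ' . $mesg->error if $mesg->code;

my $dn = dn_for_upn($ldap, $base, $upn);

# User-initiated change: delete the old value and add the new one in a
# single modify so the server sees both operations together.
$mesg = $ldap->modify($dn, changes => [
    delete => [ unicodePwd => unicode_pwd($old_pw) ],
    add    => [ unicodePwd => unicode_pwd($new_pw) ],
]);
die 'modify: ' . $mesg->error if $mesg->code;

print "password changed for $dn\n";
$ldap->unbind;
```

Two points worth keeping in mind when adapting this: the script never prints or logs the encoded values, since they are the passwords themselves, and the `verify => 'require'` / `cafile` options are the part that makes "the connection MUST be SSL" actually protect the credentials rather than merely encrypt them to whoever answers on port 636.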