Chris Ridd wrote:
On 26/6/06 7:40, Justin Alcorn <[EMAIL PROTECTED]> wrote:
Unfortunately, our AD will not allow an active user to not have a
password. So the delete and add fails. Therefore, I had to use the
Well that's just broken, and in violation of the LDAP spec.
What happens if your modify operation tries to add the new value and then
delete the old one? ie the opposite order to this line:
# attempt the self-modify. Unfortunately, it will always fail for now
$mesg = $ldap->modify($dn,
    changes => [
        delete => [ unicodePwd => $oldUniPW ],
        add    => [ unicodePwd => $newUniPW ] ]);
Hey, that works!!!!
*slaps forehead*
Geez, I'm glad someone else asked the question. I've been beating my
brains on this one. I just never thought about the fact that we require
passwords on all accounts, until today.
Someone should change the FAQ......
use Net::LDAP;
use Unicode::Map8;

# $q, $dn, $adhost, $ldapmsglink, $oldpw and $pw1 are set earlier in the script (not shown)

# build the conversion map from your local character set to Unicode
my $charmap = Unicode::Map8->new('latin1') or die;

# surround the PW with double quotes and convert it to UTF-16
# byteswap() was necessary in experiments on i386 Linux, YMMV
my $oldUniPW = $charmap->tou('"'.$oldpw.'"')->byteswap()->utf16();
my $newUniPW = $charmap->tou('"'.$pw1.'"')->byteswap()->utf16();

# verify => 'none' turns off checking of the server certificate
my $ldap = Net::LDAP->new($adhost, verify => 'none') or die "$@";

# bind as the user with the old password
my $mesg = $ldap->bind($dn, password => $oldpw);
if ($mesg->code) {
    print $q->header({-location =>
        $ldapmsglink.$mesg->code."&message=Cannot Authenticate to AD: ".$mesg->error_name});
    exit 1;
}

# add the new value first, then delete the old one
$mesg = $ldap->modify($dn,
    changes => [
        add    => [ unicodePwd => $newUniPW ],
        delete => [ unicodePwd => $oldUniPW ] ]);
if ($mesg->code) {
    print $q->header({-location =>
        $ldapmsglink.$mesg->code."&message=(R) Cannot Change Password: ".$mesg->error_name});
    exit 1;
}
$ldap->unbind();
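
The unicodePwd encoding and the add-before-delete ordering from this message, as an added example that is not part of the original post: it uses Perl's core Encode module in place of Unicode::Map8 and byteswap(), so passwords with characters outside latin1 are encoded as well. The function names and sample passwords are constructed for illustration, and no server connection is made.

```perl
#!/usr/bin/perl
# Added example, not code from the original post.
use strict;
use warnings;
use Encode qw(encode decode);

# AD takes unicodePwd as the password wrapped in double quotes and
# encoded as UTF-16 little-endian, without a byte-order mark.
sub ad_unicode_pwd {
    my ($plain) = @_;    # character string, already decoded
    die "password must not be empty\n"
        unless defined $plain && length $plain;
    my $quoted = qq("$plain");
    return encode('UTF-16LE', $quoted);
}

# Change list in the order that worked in the thread:
# add the new value first, then delete the old one.
sub pw_change_list {
    my ($old, $new) = @_;
    return [
        add    => [ unicodePwd => ad_unicode_pwd($new) ],
        delete => [ unicodePwd => ad_unicode_pwd($old) ],
    ];
}

# Constructed sample values, not real credentials.
my $old = 'Old-Passw0rd';
# UTF-8 input bytes containing a euro sign, which latin1 cannot represent.
my $new = decode('UTF-8', "N\xc3\xa9w-P\xc3\xa4ss\xe2\x82\xac1");

my $changes = pw_change_list($old, $new);

# Show the operation order and the encoded bytes as hex.
printf "%-6s %s\n", $changes->[0], unpack('H*', $changes->[1][1]);
printf "%-6s %s\n", $changes->[2], unpack('H*', $changes->[3][1]);

# With a bound Net::LDAP handle the list would be passed as:
#   $ldap->modify($dn, changes => $changes);
```

Each encoded value starts with `2200` and ends with `2200`, the quote character in UTF-16LE, which is a quick check that the byte order is right.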