Justin Alcorn wrote:
I spoke too soon.
The new password now works.
Unfortunately, so does the old one. The delete never happened. No
error, it just silently adds the new password without deleting the old
one. Something is VERY fishy here. Obviously, unicodePwd is a
multi-valued attribute, and the user cannot delete the values. But why
no error message?
Odder and Odder.
I changed the code back to a delete then an add, and tried a third
password on the same account. The old password I specified was the
second password.
Apparently, the delete now worked - but on the FIRST password, not the
second.
Sequence:
1. Create account with password 'FirstPass'
2. perl code (delete then add) fails.
3. perl code (add then delete) succeeds for change from
   FirstPass->SecondPass, but FirstPass will still bind to AD.
4. perl code (delete then add) now changes password SecondPass->ThirdPass,
   but only FirstPass is deleted. SecondPass and ThirdPass will now
   successfully bind to AD, but not FirstPass.
   Interestingly, only ThirdPass will work for a desktop logon. SecondPass
   will NOT work except for an LDAP Bind.
5. perl code (add then delete) ThirdPass->FourthPass results:
   SecondPass is now gone. ThirdPass and FourthPass will bind to AD.
So the delete is deleting the first password in the stack, as long as
there is actually a password after the delete.
Any ideas?
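
Added example, not part of the original message and not the poster's code: a Perl sketch of the documented AD password-change form (one LDAP modify that deletes the old unicodePwd value and adds the new one, each value being the double-quoted password in UTF-16LE), followed by a check of which passwords still bind afterwards. The environment variables AD_URI and AD_USER_DN and the helper names are assumptions; the passwords are the sample values from the sequence above.

```perl
# Added example. AD_URI / AD_USER_DN and all sub names are hypothetical.
use strict; use warnings;
use Encode qw(encode);

# AD expects unicodePwd as the password wrapped in double quotes, UTF-16LE.
sub ad_pwd_value {
    my ($plain) = @_;
    return encode('UTF-16LE', qq{"$plain"});
}

# A user-initiated change is ONE modify request: delete old value, add new.
sub pwd_change_ops {
    my ($old, $new) = @_;
    return [
        delete => [ unicodePwd => [ ad_pwd_value($old) ] ],
        add    => [ unicodePwd => [ ad_pwd_value($new) ] ],
    ];
}

# Simple-bind with each candidate; return the ones the server still accepts.
sub still_valid {
    my ($uri, $dn, @candidates) = @_;
    require Net::LDAP;
    my @ok;
    for my $pw (@candidates) {
        next unless length $pw;    # an empty password would bind anonymously
        my $ldap = Net::LDAP->new($uri) or die "connect failed: $@";
        push @ok, $pw if $ldap->bind($dn, password => $pw)->code == 0;
        $ldap->unbind;
    }
    return @ok;
}

my ($old, $new) = ('FirstPass', 'SecondPass');
my $ops = pwd_change_ops($old, $new);
printf "%-6s %s\n", $ops->[0], unpack('H*', $ops->[1][1][0]);
printf "%-6s %s\n", $ops->[2], unpack('H*', $ops->[3][1][0]);

# Live part runs only when AD_URI is set; use ldaps://, since AD accepts
# unicodePwd writes only over an encrypted connection.
if (my $uri = $ENV{AD_URI}) {
    my $dn = $ENV{AD_USER_DN} or die "set AD_USER_DN\n";
    my $ldap = Net::LDAP->new($uri) or die "connect failed: $@";
    my $m = $ldap->bind($dn, password => $old);
    die 'bind: ' . $m->error if $m->code;
    $m = $ldap->modify($dn, changes => $ops);
    die 'modify: ' . $m->error if $m->code;
    $ldap->unbind;
    print "still binds: $_\n" for still_valid($uri, $dn, $old, $new);
}
```

Without AD_URI set, the script only prints the hex of the two encoded values, which can be compared against what the failing code actually sends.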