Justin Alcorn wrote:

Christopher A Bongaarts sent the following missive on 6/26/2006 4:40 PM:
In the immortal words of Justin Alcorn:

Apparently, the delete now worked - but on the FIRST password, not the second.


Are you sure you're not seeing the effects of replication latency?


I'm not really sure of ANYTHING at this point.  I'll be doing some more
testing today.  However, I have two DCs and they are on the same subnet.

OK, test setup:

perl-ldap apache web server connecting to a single AD domain controller that is the ONLY controller in the domain. There is no replication to be latent.

user: adams
initial password: test1234

Code snippet:

use Net::LDAP;
use Unicode::Map8;

# unicodePwd must be the password in double quotes, encoded as UTF-16LE.
my $charmap = Unicode::Map8->new('latin1')  or  die;
my $oldUniPW = $charmap->tou('"'.$oldpw.'"')->byteswap()->utf16();
my $newUniPW = $charmap->tou('"'.$pw1.'"')->byteswap()->utf16();
my $ldap = Net::LDAP->new($adhost, verify => 'none')  or  die "$@";

# Bind as the user with the current password.
my $mesg = $ldap->bind($dn,
                       password => $oldpw);
if ($mesg->code) {
    print $q->header({-location => $ldapmsglink.$mesg->code."&message=Cannot Authenticate to AD: ".$mesg->error_name});
    exit 1;
}

# Password change: delete the old value and add the new one in one modify.
$mesg = $ldap->modify($dn,
                changes => [
                        delete => [ unicodePwd => $oldUniPW ],
                        add    => [ unicodePwd => $newUniPW ] ]);
if ($mesg->code) {
    print $q->header({-location => $ldapmsglink.$mesg->code."&message=(R) Cannot Change Password: ".$mesg->error_name});
    exit 1;
}
$ldap->unbind();


Change password from test1234 -> ume1234

Both passwords work for LDAP bind.  Wait 10 minutes, still both work.

Change password from ume1234 -> blah1234

test1234 no longer works for bind.  ume1234 and blah1234 both work for bind.

Change password from blah1234 -> net1234

ume1234 no longer works. blah1234 and net1234 both work for bind. Only net1234 works for logon to desktop.

Use MMC to reset password (as administrator) to last1234.

blah1234 no longer works. net1234 AND last1234 BOTH WORK FOR BIND! So the Users & Computers app is doing the same thing - deleting the top of stack password.

Any ideas????
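
The bind checks in the test log above can be repeated after each change with a small probe. This is an added example, not part of the original post: the host URI and DN are placeholders for a lab domain controller and the test user, and the password list is the sequence from the log.

```perl
#!/usr/bin/perl
# Added example: report which of a test account's known passwords still bind.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Constant qw(LDAP_SUCCESS);

# Assumptions: placeholder lab host and DN; passwords taken from the test log.
my $adhost  = shift // 'ldaps://dc.example.test';
my $dn      = shift // 'CN=adams,CN=Users,DC=example,DC=test';
my @history = qw(test1234 ume1234 blah1234 net1234 last1234);

# Try one simple bind on a fresh connection so no earlier session is reused.
sub try_bind {
    my ($host, $user_dn, $pw) = @_;
    # A bind with an empty password is unauthenticated and can report
    # success, so it is never counted as a working credential.
    return (0, 'EMPTY_PASSWORD_SKIPPED') unless defined $pw && length $pw;
    # verify => 'none' matches the lab setup in the post; outside a lab use
    # verify => 'require' together with a CA file.
    my $ldap = Net::LDAP->new($host, verify => 'none')
        or return (0, "CONNECT_FAILED: $@");
    my $mesg   = $ldap->bind($user_dn, password => $pw);
    my @result = ($mesg->code == LDAP_SUCCESS ? 1 : 0, $mesg->error_name);
    $ldap->unbind;
    return @result;
}

# Probe every password in the history and return the ones still accepted.
sub probe {
    my ($host, $user_dn, @passwords) = @_;
    my @accepted;
    for my $i (0 .. $#passwords) {
        my ($ok, $name) = try_bind($host, $user_dn, $passwords[$i]);
        printf "%-2d %-10s %-8s (%s)\n", $i, $passwords[$i],
            $ok ? 'ACCEPTED' : 'rejected', $name;
        push @accepted, $passwords[$i] if $ok;
    }
    return @accepted;
}

# Exit status 0 only when exactly one password (the current one) binds.
my @ok = probe($adhost, $dn, @history);
printf "%d password(s) accepted for bind\n", scalar @ok;
exit(@ok == 1 ? 0 : 1);
```

Run it once after each password change and once more after a delay; a non-zero exit means either more than one password still binds or none does.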
