Well, this explains it. Something else must also have changed in the last year to allow the code to work as documented, because last summer it definitely wouldn't work.

This morning, only my latest passwords work.

Regardless, the code works. I've included the code snippet at the bottom for completeness.

Webb, Andy wrote:
http://support.microsoft.com/kb/906305/en-us


-----Original Message-----
From: Justin Alcorn [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 27, 2006 3:48 PM
To: perl-ldap@perl.org
Subject: Re: ActiveDirectory LDAP Change password

Justin Alcorn wrote:
blah1234 no longer works. net1234 AND last1234 BOTH WORK FOR BIND! So the Users & Computers app is doing the same thing - deleting the top of stack password.

Any ideas????


Went to a meeting for about an hour and came back.  Now it appears that
only last1234 is working.  So maybe it's not replication latency - maybe
it's some kind of cache.

I'm using apache on a RedHat Fedora server.  No kerberos, but I am doing
pam_ldap.  Any chance there's some kind of cache on the server giving me
these odd results?

It's not the web server.  ldapsearch can bind as the user using either
password from multiple machines.  I forced replication among all of my
AD servers, and it still works, now more than an hour after changing the
password.

Is it possible every time I log on with the old password I touch the
cached entry and it stays active?

This is still making no real sense to me.

However, the important part is that the delete and add code is working. I have no idea why it is working when it didn't used to work. Perhaps
one of the patches we have installed in the last year?


use strict;
use warnings;
use Net::LDAP;
use Unicode::Map8;
use Unicode::String qw(utf16);

# $adhost, $dn, $oldpw, $pw1 and error_routine() come from the rest of the
# script; they are declared here only so the snippet compiles under strict.
# $adhost must be an ldaps:// URL: AD only accepts unicodePwd changes over
# an encrypted connection.
our ($adhost, $dn, $oldpw, $pw1);

my $charmap = Unicode::Map8->new('latin1')  or  die;

# surround the PW with double quotes and convert it to UTF-16
# byteswap() was necessary in experiments on i386 Linux, YMMV
# (AD expects little-endian UTF-16 with no byte-order mark)
my $oldUniPW = $charmap->tou('"'.$oldpw.'"')->byteswap()->utf16();
my $newUniPW = $charmap->tou('"'.$pw1.'"')->byteswap()->utf16();

# verify=>'none' skips certificate checking of the LDAPS server; outside
# of testing use verify=>'require' together with cafile=>... instead
my $ldap = Net::LDAP->new($adhost, verify => 'none')  or  die "$@";

# bind as the user with the old password ...
my $mesg = $ldap->bind($dn, password => $oldpw);
if ($mesg->code) {
    error_routine($mesg);
    exit 1;
}
# ... then delete the old value and add the new one in a single modify.
# This is the user-initiated change (the old password is checked);
# a single 'replace' would be an administrative reset instead.
$mesg = $ldap->modify($dn,
                changes => [
                        delete => [ unicodePwd => $oldUniPW ],
                        add    => [ unicodePwd => $newUniPW ] ]);
if ($mesg->code) {
    error_routine($mesg);
    exit 1;
}
$ldap->unbind();
exit 0;
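
As an added example (not code from this thread or from Net::LDAP), here is what that delete/add modify looks like on the wire, built with only the Python standard library: the quoted UTF-16LE unicodePwd value, a check that the posted Perl's byteswap produces the same bytes, and the BER-encoded LDAP ModifyRequest. The DN and passwords are constructed sample values; message IDs below 128 and ASCII DNs are assumed.

```python
OCTET, INT, ENUM, SEQ, SET = 0x04, 0x02, 0x0A, 0x30, 0x31
MODIFY_REQUEST = 0x66          # [APPLICATION 6], constructed (RFC 4511)
OPS = {"add": 0, "delete": 1, "replace": 2}


def unicode_pwd_value(password: str) -> bytes:
    """AD expects unicodePwd as the password in double quotes, UTF-16LE, no BOM."""
    return ('"%s"' % password).encode("utf-16-le")


def perl_style_value(password: str) -> bytes:
    """What the posted Perl does: big-endian UTF-16, then byteswap() each code unit."""
    be = ('"%s"' % password).encode("utf-16-be")
    return b"".join(be[i + 1:i + 2] + be[i:i + 1] for i in range(0, len(be), 2))


def ber_len(n: int) -> bytes:
    """BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(content)) + content


def modify_request(msg_id: int, dn: str, changes) -> bytes:
    """Encode LDAPMessage{messageID, ModifyRequest{dn, changes}}, changes = [(op, attr, [values])]."""
    change_seq = b"".join(
        tlv(SEQ, tlv(ENUM, bytes([OPS[op]]))
            + tlv(SEQ, tlv(OCTET, attr.encode()) + tlv(SET, b"".join(tlv(OCTET, v) for v in vals))))
        for op, attr, vals in changes)
    request = tlv(MODIFY_REQUEST, tlv(OCTET, dn.encode()) + tlv(SEQ, change_seq))
    return tlv(SEQ, tlv(INT, msg_id.to_bytes(1, "big")) + request)   # msg_id < 128 assumed


def password_change_request(msg_id: int, dn: str, old_pw: str, new_pw: str) -> bytes:
    """User-initiated change: delete the old value and add the new one in one modify.
    A lone 'replace' would be an administrative reset that skips the old-password check.
    Only ever send this over TLS; AD rejects unicodePwd changes on a cleartext connection."""
    return modify_request(msg_id, dn, [
        ("delete", "unicodePwd", [unicode_pwd_value(old_pw)]),
        ("add", "unicodePwd", [unicode_pwd_value(new_pw)]),
    ])


if __name__ == "__main__":
    # constructed sample values, not a real account
    msg = password_change_request(1, "cn=user,dc=example,dc=com", "old1234", "new1234")
    print(msg.hex())
```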
