On Thursday, 28 April 2011 21:07:20 Prentice Bisbal wrote:
> We recently updated our Active Directory servers to 2008 R2. I had a
> perl script that would change a user's password in OpenLDAP and Active
> Directory at the same time. This was working fine until the update. I
> can still change a user's password when I bind as an AD administrator,
> but not as a normal user. Has anyone else here gone through this?
> 
> I know that the behavior of replacing a password is different whether
> you are an administrator or regular user changing your own password, as
> documented here:
> 
> http://support.microsoft.com/?kbid=269190
> 
> I wrote this code based on the above link:
> 
> # AD doesn't allow non-admin users to replace their password.
> # Instead, it must be deleted and re-added. Administrators can only
> # replace a password.
> if ($username ne getlogin()) {
>     $mesg = $ad->modify($ad_user_dn, replace=>{unicodePwd => $newUnicodePwd} );
> } else {
>     $mesg = $ad->modify($ad_user_dn, delete=>{unicodePwd => $newUnicodePwd});
>     $code = $mesg->code;
>     if ($code != 0) {
>       $mesg = $ad->modify($ad_user_dn, replace=>{unicodePwd => $newUnicodePwd} );

You should probably:
warn $mesg->error if $mesg->code;
here.
>     }
> }

> This worked just fine until the upgrade to 2008 R2. Any ideas?

Well, maybe the LDAP server told you, but you have to listen ...

Regards,
Buchan
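
An added example, not code from either poster: the two unicodePwd request shapes described in the Microsoft article linked above (a self-service change sends a delete of the old value and an add of the new value in one modify; an administrative reset sends a single replace), with the server's error reported as suggested in the reply. The helper names are hypothetical, the passwords are constructed, and `$ad` is assumed to be a Net::LDAP handle already bound over an encrypted connection.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Encode qw(encode);

# AD expects unicodePwd as the password wrapped in double quotes,
# encoded as UTF-16LE.
sub ad_unicode_pwd {
    my ($plain) = @_;
    return encode('UTF-16LE', qq{"$plain"});
}

# Self-service change: delete the OLD value and add the NEW value.
# Net::LDAP's "changes" list sends both in a single modify request.
sub user_change_ops {
    my ($old, $new) = @_;
    return [
        delete => [ unicodePwd => ad_unicode_pwd($old) ],
        add    => [ unicodePwd => ad_unicode_pwd($new) ],
    ];
}

# Administrative reset: one replace, no old password required.
sub admin_reset_ops {
    my ($new) = @_;
    return [ replace => [ unicodePwd => ad_unicode_pwd($new) ] ];
}

# $ad: assumed Net::LDAP handle, already bound over LDAPS or StartTLS.
sub set_ad_password {
    my ($ad, $dn, $ops) = @_;
    my $mesg = $ad->modify($dn, changes => $ops);
    # Report the server's own diagnostic instead of discarding it.
    warn sprintf("modify %s failed: %s (code %d)\n",
                 $dn, $mesg->error, $mesg->code) if $mesg->code;
    return !$mesg->code;
}

# Offline demonstration with constructed passwords: show the request shape.
my $ops = user_change_ops('Old-Passw0rd!', 'New-Passw0rd!');
for (my $i = 0; $i < @$ops; $i += 2) {
    my ($op, $attrs) = @{$ops}[$i, $i + 1];
    printf "%-7s %s: %s\n", $op, $attrs->[0], unpack('H*', $attrs->[1]);
}
```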
