I'm attempting to reset AD passwords without SSL as our AD server admin doesn't know how to enable SSL on the AD server. The link between the machine and the AD server is secure for other reasons and so SSL is not necessary (at least from our server-manager's perspective).

The MS documentation does not indicate that this is possible, but essentially in order to update passwords you need to either have SSL, TLS, or (undocumented) set the LDAP_OPT_ENCRYPTION = 1 on the LDAP connection. (Incidentally, LDAP_OPT_ENCRYPTION is defined as 0x96) [1]

I have one report of the undocumented option being possible in VB.NET which seems to indicate to me that AD itself supports changing passwords *without* SSL or TLS. It's just a matter of figuring out exactly how VB.NET (or other .NET languages, I presume) does it. For, I hope, obvious reasons, I'm not planning on using VB unless it's absolutely necessary. In fact, I think it shouldn't be necessary.

However, as far as my research shows, setting the option is unsupported in PHP [2] (language I have most experience with), Python, and now I've come to Perl. My thinking was that if it's possible anywhere, the Perl folks would have figured it out. I've searched Perl documentation on setting this option and doing non-SSL password changes and I can't seem to find any hint that this is possible.

If you know how to set this option or how to achieve it please let me know!

[1] http://msdn.microsoft.com/en-us/library/aa367019(v=vs.85).aspx
[2] http://bugs.php.net/bug.php?id=50924

Sam