David Leonard wrote: > > As far as I understand it, the unicodePwd attribute is the NT hash of > the user's password.
I don't think so when setting it. Maybe it contains the NT hash afterwards, but conversion is probably done internally. http://support.microsoft.com/kb/269190 It seems you need to combine ldap.MOD_DELETE with old password and ldap.MOD_ADD with new password when setting unicodePwd yourself and ldap.MOD_REPLACE when setting it for another account. Additionally you have to use quotes around it. And furthermore it has to be UTF-16-encoded (low endian). MS docs are usually poorly written. > Also, you may want to look at using SASL/GSSAPI/Kerberos to bind to AD's > LDAP. It should be a lot easier to manage than SSL certs. The SSL certs are not used to bind to AD in this case. Rather they are just used to connect over SSL (ldaps://). Ciao, Michael. ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Python-LDAP-dev mailing list Python-LDAP-dev@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/python-ldap-dev