RE: ldap.passwd_s with Active Direcory

Tue, 04 Aug 2009 09:49:08 -0700 

Michael,

Thanks for the quick response, much appreciated. I guess I've been barking up 
the wrong tree then :)

If I try the alternative method however:

mod_attrs = [( ldap.MOD_REPLACE, 'unicodePwd', 'password' )]
dn = 'CN=Barney Rubble,OU=Users,DC=mydomain,dc=local'
r = l.modify_s(dn, mod_attrs)

I get:

{'info': '0000001F: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), 
data 0\n', 'desc': 'Server is unwilling to perform'}

I guess I'm still missing something :(

One thing which may be relevant is if I use l.start_tls_s() before 
simple_bind_s, the login fails although without start_tls_s Wireshark shows the 
connection to be encrypted.

Thanks again

Mike Peters


> -----Original Message-----
> From: Michael Ströder [mailto:mich...@stroeder.com]
> Sent: 04 August 2009 17:29
> To: Mike Peters
> Cc: python-ldap-dev@lists.sourceforge.net
> Subject: Re: ldap.passwd_s with Active Direcory
> 
> mike.pet...@opengi.co.uk wrote:
> >
> > I'm not sure if this is the right place for this query, but I
> couldn't
> > find a python-LDAP-Users list.
> >
> > I'm trying to modify a user's password on an Windows 2003 Active
> > directory using passwd_s, however the server is returning the
> following
> > error:
> >
> > {'info': '0000203D: LdapErr: DSID-0C090C7D, comment: Unknown extended
> > request OID, data 0, vece', 'desc': 'Protocol error'}
> >
> > I realise this is a server configuration thing as opposed to a
> > python-ldap issue, but google hasn't been any help so far. Does
> anyone
> > here know what it is I need to enable/change in order to get it to
> work?
> 
> This is because Windows 2003 AD does not support the LDAP Password
> Modify
> Extended Operation (see RFC 3062).
> 
> > The connection is using ldaps:// on port 636 and I can search the AD
> and
> > modify other values eg givenName etc, just not passwords, and I'm
> > binding as domain administrator.
> 
> There's a MSDN article about how to set attribute unicodePwd via LDAP
> in AD.
> 
> Ciao, Michael.

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
Python-LDAP-dev mailing list
Python-LDAP-dev@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev

Reply via email to