Re: ldap.passwd_s with Active Direcory

Wed, 05 Aug 2009 08:34:00 -0700 

mike.pet...@opengi.co.uk wrote:
>> -----Original Message-----
>> From: Michael Ströder [mailto:mich...@stroeder.com]
>> Sent: 04 August 2009 18:23
>> To: Mike Peters
>> Cc: python-ldap-dev@lists.sourceforge.net
>> Subject: Re: ldap.passwd_s with Active Direcory
>>
>> mike.pet...@opengi.co.uk wrote:
>>>> There's a MSDN article about how to set attribute unicodePwd via
>> LDAP
>>>> in AD.
>>> If I try the alternative method however:
>>>
>>> mod_attrs = [( ldap.MOD_REPLACE, 'unicodePwd', 'password' )]
>>> dn = 'CN=Barney Rubble,OU=Users,DC=mydomain,dc=local'
>>> r = l.modify_s(dn, mod_attrs)
>>>
>>> I get:
>>>
>>> {'info': '0000001F: SvcErr: DSID-031A0FC0, problem 5003
>> (WILL_NOT_PERFORM), data 0\n', 'desc': 'Server is unwilling to
>> perform'}
>>> I guess I'm still missing something :(
>> Did you search for the MSDN article? The value has to be in your case
>> above:
>>
>> '"password"'.encode('utf-16-le')
>>
>> Note the quotes and the UTF-16 low-endian encoding.
>>
> 
> Thanks again for your help. I tried that but to no avail. I still get the 
> same error. Do you know if the fact I'm accessing the server over a VPN would 
> make any difference?
> 

For what it's worth, this is the working code I use to set the password. I 
didn't realize
you could use the -le suffix to get an encoding without the byte order mark 
which I've
just been stripping off. The example posted above should be equivalent.

ldap_conn.modify_s(dn, [
        (
                ldap.MOD_REPLACE,
                'unicodePwd',
                ''.join(('"', pwd, '"')).encode('utf-16').lstrip('\377\376'),
        )
])

Another thing to note is that the connection must be under a TLS layer.

-- 
Russell A. Jackson <r...@csub.edu>
Network Analyst
California State University, Bakersfield

Excellent day to have a rotten day.

Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
Python-LDAP-dev mailing list
Python-LDAP-dev@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev

Reply via email to