ldap.passwd_s with Active Directory
Michael Ströder
michael at stroeder.com
Tue Aug 4 19:23:23 CEST 2009
Mike.Peters at opengi.co.uk wrote:
>
>> There's a MSDN article about how to set attribute unicodePwd via LDAP
>> in AD.
>
> If I try the alternative method however:
>
> mod_attrs = [( ldap.MOD_REPLACE, 'unicodePwd', 'password' )]
> dn = 'CN=Barney Rubble,OU=Users,DC=mydomain,dc=local'
> r = l.modify_s(dn, mod_attrs)
>
> I get:
>
> {'info': '0000001F: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0\n', 'desc': 'Server is unwilling to perform'}
>
> I guess I'm still missing something :(

Did you search for the MSDN article? The value has to be in your case above:

  '"password"'.encode('utf-16-le')

Note the quotes and the UTF-16 low-endian encoding.

> One thing which may be relevant is if I use l.start_tls_s() before
> simple_bind_s, the login fails although without start_tls_s Wireshark shows
> the connection to be encrypted.

With AD the connection has to be encrypted for write access to unicodePwd but
that can also be done with ldaps:// on port 636.

Ciao, Michael.
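
Added example, not part of the original post: the unicodePwd replace from the thread, with the value quoted and encoded as the reply describes and the connection restricted to ldaps://. The function names and the ldaps-only check are assumptions of this sketch, and it assumes python-ldap 3.x, where attribute values are passed as a list of bytes.

```python
def encode_unicode_pwd(password):
    """Build the unicodePwd value: the password wrapped in double quotes,
    then encoded as UTF-16 little-endian. 'utf-16-le' emits no BOM."""
    return ('"%s"' % password).encode("utf-16-le")


def set_ad_password(uri, bind_dn, bind_pw, target_dn, new_password):
    """Replace unicodePwd on target_dn over an ldaps:// connection.

    Hypothetical helper: it refuses plain ldap:// URIs up front, because
    AD requires an encrypted connection for writes to unicodePwd.
    """
    if not uri.lower().startswith("ldaps://"):
        raise ValueError("unicodePwd writes need an encrypted connection; use ldaps://")

    # Imported here so encode_unicode_pwd() is usable without python-ldap.
    import ldap

    mod_attrs = [(ldap.MOD_REPLACE, "unicodePwd", [encode_unicode_pwd(new_password)])]
    conn = ldap.initialize(uri)
    try:
        conn.simple_bind_s(bind_dn, bind_pw)
        # A bare 'password' string here is what produced WILL_NOT_PERFORM
        # in the quoted message; the quoted UTF-16-LE bytes are sent instead.
        conn.modify_s(target_dn, mod_attrs)
    finally:
        conn.unbind_s()


if __name__ == "__main__":
    # Constructed sample value, shown so the byte layout is visible.
    print(repr(encode_unicode_pwd("password")))
```

The bind account still needs the right to reset passwords on the target entry.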