ldap.passwd_s with Active Directory

Russell Jackson raj at csub.edu
Wed Aug 5 17:18:07 CEST 2009


Mike.Peters at opengi.co.uk wrote:
>> -----Original Message-----
>> From: Michael Ströder [mailto:michael at stroeder.com]
>> Sent: 04 August 2009 18:23
>> To: Mike Peters
>> Cc: python-ldap-dev at lists.sourceforge.net
>> Subject: Re: ldap.passwd_s with Active Directory
>>
>> Mike.Peters at opengi.co.uk wrote:
>>>> There's a MSDN article about how to set attribute unicodePwd via LDAP in AD.
>>> If I try the alternative method however:
>>>
>>> mod_attrs = [( ldap.MOD_REPLACE, 'unicodePwd', 'password' )]
>>> dn = 'CN=Barney Rubble,OU=Users,DC=mydomain,dc=local'
>>> r = l.modify_s(dn, mod_attrs)
>>>
>>> I get:
>>>
>>> {'info': '0000001F: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0\n', 'desc': 'Server is unwilling to perform'}
>>> I guess I'm still missing something :(
>> Did you search for the MSDN article? The value has to be in your case
>> above:
>>
>> '"password"'.encode('utf-16-le')
>>
>> Note the quotes and the UTF-16 low-endian encoding.
>>
> 
> Thanks again for your help. I tried that but to no avail. I still get the same error. Do you know if the fact I'm accessing the server over a VPN would make any difference?
> 

For what it's worth, this is the working code I use to set the password. I didn't realize
you could use the -le suffix to get an encoding without the byte order mark which I've
just been stripping off. The example posted above should be equivalent.

ldap_conn.modify_s(dn, [
	(
		ldap.MOD_REPLACE,
		'unicodePwd',
		# quoted password as UTF-16, with the leading byte order mark stripped
		''.join(('"', pwd, '"')).encode('utf-16').lstrip(b'\377\376'),
	)
])

Another thing to note is that the connection must be under a TLS layer.

-- 
Russell A. Jackson <raj at csub.edu>
Network Analyst
California State University, Bakersfield

Excellent day to have a rotten day.
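
The two encodings discussed in this thread, side by side, with the TLS requirement applied before the modify. This is an added example, not code from the thread or from python-ldap; the function names are hypothetical, and it assumes Python 3, with python-ldap needed only for set_ad_password.

```python
import codecs


def encode_unicode_pwd(password):
    """Bytes for AD's unicodePwd: the password in double quotes,
    UTF-16 little-endian, no byte order mark."""
    if not isinstance(password, str):
        raise TypeError("password must be text, not bytes")
    return ('"' + password + '"').encode("utf-16-le")


def encode_by_stripping_bom(password):
    """Same result via encode('utf-16'), removing exactly one BOM prefix."""
    raw = ('"' + password + '"').encode("utf-16")
    if raw.startswith(codecs.BOM_UTF16_LE):
        return raw[len(codecs.BOM_UTF16_LE):]
    # Big-endian host: 'utf-16' emitted big-endian data, which is not
    # what unicodePwd expects, so use the explicit little-endian codec.
    return encode_unicode_pwd(password)


def set_ad_password(uri, bind_dn, bind_pw, user_dn, new_password):
    """Replace unicodePwd over ldaps:// or StartTLS (needs python-ldap)."""
    import ldap  # imported lazily so the encoders above work without it

    conn = ldap.initialize(uri)
    try:
        if not uri.lower().startswith("ldaps://"):
            conn.start_tls_s()  # raises if TLS cannot be negotiated
        conn.simple_bind_s(bind_dn, bind_pw)
        value = encode_unicode_pwd(new_password)
        conn.modify_s(user_dn, [(ldap.MOD_REPLACE, "unicodePwd", [value])])
    finally:
        conn.unbind_s()


if __name__ == "__main__":
    # Constructed sample value, not a real credential.
    print(encode_unicode_pwd("password").hex())
```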
