[python-ldap] Password history / password policy
Joey Hendricks
joeyhendricks20 at gmail.com
Wed Feb 15 06:19:04 EST 2017
Hi guys,
I,m busy with the Python-Ldap module and i,m running into a bit of trouble
with my company's password policy.
We dont want a user to be able to reset his password to a password he has
used before we have set our password policy the following way:
Enforce password history : 24 passwords
remembered
Maximum password age : 42 days
Minimum password age : 1 days
Minimum password length : 8 characters
Password must meet complexity requirements : Disabled
i,m using the following Pyhton code to change the password
server = LDAP_IP
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT,
ldap.OPT_X_TLS_NEVER)
conn = ldap.initialize(server)
conn.set_option(ldap.OPT_REFERRALS, 0)
conn.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
conn.set_option(ldap.OPT_X_TLS, ldap.OPT_X_TLS_DEMAND)
conn.set_option(ldap.OPT_X_TLS_DEMAND, True)
conn.set_option(ldap.OPT_DEBUG_LEVEL, 4095)
conn.simple_bind_s(base64.b64decode(BIND_DN),
base64.b64decode(BIND_PASS))
password_value1 = '"{0}\"'.format(pwd).encode("utf-16-le")
add_pass = [(ldap.MOD_REPLACE, "UnicodePwd", password_value1)]
conn.modify_s(CN_NAME, add_pass)
conn.unbind_s()"
Or is there a way that the ad wont change the password if the password has
been used before.
So that I completely obey my password policy.
I hope someone can help me
Kind regards
Joey Hendricks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-ldap/attachments/20170215/2d55a78e/attachment.html>
More information about the python-ldap
mailing list