Robin Bobin

Reputation: 141

python-ldap change unicodePwd issue

I am already managing different users' AD attrs with code:

    import ldap

    l = ldap.initialize('ldap://172.25.1.2')
    l.simple_bind_s(admin_dn, admin_pw)

    user_dn="dn_here"
    change_attr = [(ldap.MOD_REPLACE, 'attr_to_change', new_value)]

    l.modify_s(user_dn,change_attr)
    l.unbind_s()

And it worked for all necessary attributes, except unicodePwd. After looking for a solution, I've found that unicodePwd should be changed using an ldaps connection and port 636 (Python+LDAP+SSL). So I tried to use that example:

    ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
    l = ldap.initialize('ldaps://172.25.1.2:636')
    l.set_option(ldap.OPT_REFERRALS, 0)
    l.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
    l.set_option(ldap.OPT_X_TLS,ldap.OPT_X_TLS_DEMAND)
    l.set_option( ldap.OPT_X_TLS_DEMAND, True )
    l.set_option( ldap.OPT_DEBUG_LEVEL, 255 )
    l.simple_bind_s(admin_dn, admin_pw)
    # change unicodePwd code here
    l.unbind_s()

but got an error:

ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server"}

Is there a solution in my code, or should it be fixed in the AD server config? Thanks for any help. Sorry for grammar mistakes.

Upvotes: 1

Views: 748

Answers (1)

Erlandsen-tech

Reputation: 74

I have answered this with example code (for encoding of unicodePwd), here: unicodePwd Attribute in AD

The gist of the answer is:

  1. You have to use ldaps (ssl encryption)
  2. You have to encode the password

Upvotes: 2
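The two points in the answer above, as an added example that is not code from the original posts or from the linked answer: the password is wrapped in double quotes and encoded as UTF-16LE before being written to `unicodePwd`, and the write goes over LDAPS with the server certificate verified against a CA file rather than with `OPT_X_TLS_NEVER`. The function names, the `ca_file` parameter and the sample passwords are assumptions made for illustration.

```python
"""Added example: set an AD password over LDAPS with python-ldap."""


def encode_unicode_pwd(password: str) -> bytes:
    """Return the value AD expects in unicodePwd: the password wrapped in
    double quotes and encoded as UTF-16LE (no byte-order mark)."""
    if not password:
        raise ValueError("empty password")
    return f'"{password}"'.encode("utf-16-le")


def reset_password(uri, ca_file, admin_dn, admin_pw, user_dn, new_password):
    """Administrative reset: replace unicodePwd over a verified LDAPS session.
    All arguments are supplied by the caller; none come from the page."""
    # This example only writes unicodePwd over ldaps://, never plain ldap://.
    if not uri.lower().startswith("ldaps://"):
        raise ValueError("refusing to send unicodePwd without ldaps://")

    import ldap  # python-ldap; imported late so the encoder works without it

    conn = ldap.initialize(uri)
    conn.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
    conn.set_option(ldap.OPT_REFERRALS, 0)
    # Verify the domain controller's certificate instead of disabling checks.
    conn.set_option(ldap.OPT_X_TLS_CACERTFILE, ca_file)
    conn.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
    conn.set_option(ldap.OPT_X_TLS_NEWCTX, 0)  # apply the TLS options above
    try:
        conn.simple_bind_s(admin_dn, admin_pw)
        # python-ldap 3.x expects attribute values as a list of bytes.
        change = [(ldap.MOD_REPLACE, "unicodePwd",
                   [encode_unicode_pwd(new_password)])]
        conn.modify_s(user_dn, change)
    finally:
        conn.unbind_s()
```

With certificate verification on, the host in the URI has to match a name in the domain controller's certificate, so a bare IP address will normally fail the TLS handshake.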
