Reputation: 339
LDAP modify password
I have a Windows 2012 R2 server and a LDAP server on it. I wrote a python script to modify the password of user (the user, who isn't admin, want to modify is own password. I have an other function which modify the password when you're admin, but I don't want to set a password, but modify it). This is a sample of my code :
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
ld = ldap.initialize('ldaps://XXX:636')
ld.simple_bind_s('[email protected]', 'ZZZZZ')
new = {'unicodePwd':[str('"YYYYY"').decode('utf8').encode('utf-16-le')]}
old = {'unicodePwd':[str('"ZZZZZ"').decode('utf8').encode('utf-16-le')]}
ldif = modlist.modifyModlist(old, new)
ld.modify_s('A DN',ldif)
But when I run it, I have an error (on the last line):
{'info': '00000056: AtrErr: DSID-03191083, #1:\n\t0: 00000056: DSID-03191083, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)\n', 'desc': 'Constraint violation'}
I checked the error :
"The specified network password is not correct."
But, I use the same password to connect to user to change it. I tried with(out) double quote, with(out) utf-8, enter a real bad old password... but nothing change, I always have the same error
If someone could help me, thanks in advance.
Upvotes: 1
Views: 1826
Answers (1)
Reputation: 339
I achieved to change the password, here is the code :
#!/usr/bin/env python
#coding:utf-8
import ldap
import ldap.modlist as modlist
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
ld = ldap.initialize('ldaps://XXX:636')
ld.simple_bind_s('[email protected]', 'XXX')
newpassword = 'YYY'
oldpassword = 'ZZZ'
newpassword = unicode('\"' + newpassword + '\"').encode('utf-16-le')
oldpassword = unicode('\"' + oldpassword + '\"').encode('utf-16-le')
pass_mod = [(ldap.MOD_DELETE, 'unicodePwd', [oldpassword]), (ldap.MOD_ADD, 'unicodePwd', [newpassword])]
result = ld.modify_s('A DN', pass_mod)
I hope it will help someone ! :D
Upvotes: 2