Reputation: 75
Unable to change user's password via ldap3 Python3
Whenever I try to change someone's password via ldap3 library I get the following error:
{'type': 'modifyResponse', 'result': 53, 'message': '0000001F: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0\n\x00', 'referrals': None, 'description': 'unwillingToPerform', 'dn': ''}
This error usually occurs because of the two conditions: either user is trying to modify the password through the unencrypted connection or the password is being sent with the incorrect encoding. My SSL connection is fine (at least it seems to be):
print(connection)
>>> ldaps://DC1.DOMAIN.LOCAL:636 - ssl - user: DOMAIN\admin - not lazy - bound - open - <local: 172.16.10.2:49230 - remote: 172.16.10.254:636> - tls not started - listening - SyncStrategy - internal decoder
I tried to encode the string I'm trying send to the LDAP server, but .encode('utf-16le') didn't do the trick. Any other workarounds?
I have a test domain environment with Windows Server 2012 R2 as a domain controller, and the code I'm trying to change the password with is present below.
import ssl
from ldap3 import *
tls_configuration = Tls(validate=ssl.CERT_REQUIRED, version=ssl.PROTOCOL_TLSv1_2)
s = Server('DC1.domain.local', get_info=ALL, use_ssl=True, tls=tls_configuration)
password = 'mypasswordhere'
c = Connection(s, user="DOMAIN\\admin", password=password)
c.open()
c.bind()
user = "CN=Dummy Dumass,OU=Automatically Generated,OU=Staff,OU=RU,DC=DOMAIN,DC=LOCAL"
c.modify(user, {
'unicodePwd': [(MODIFY_REPLACE, ['New12345'])]
})
print(c.result)
c.unbind()
Upvotes: 6
Views: 11745
Answers (3)
Reputation: 71
The mentioned code is working for me, but changing password is only possible while using ssl. Change the server definition line as below:
ldap_server = ldap3.Server(SERVER, get_info=ldap3.ALL, use_ssl=True)
Upvotes: 1
Reputation: 86
This code is working with Windows 2012 R2 AD:
pip install ldap
#!/usr/bin/python
import ldap3
SERVER='127.0.0.1'
BASEDN="DC=domain,DC=com"
USER="[email protected]"
CURREENTPWD="current_password"
NEWPWD="new_password"
SEARCHFILTER='(&(|(userPrincipalName='+USER+')(samaccountname='+USER+')(mail='+USER+'))(objectClass=person))'
USER_DN=""
ldap_server = ldap3.Server(SERVER, get_info=ldap3.ALL)
conn = ldap3.Connection(ldap_server, USER, CURREENTPWD, auto_bind=True)
conn.start_tls()
print conn
conn.search(search_base = BASEDN,
search_filter = SEARCHFILTER,
search_scope = ldap3.SUBTREE,
attributes = ['cn', 'givenName'],
paged_size = 5)
for entry in conn.response:
if entry.get("dn") and entry.get("attributes"):
if entry.get("attributes").get("cn"):
USER_DN=entry.get("dn")
print USER_DN
print ldap3.extend.microsoft.modifyPassword.ad_modify_password(conn, USER_DN, NEWPWD, CURREENTPWD, controls=None)
Upvotes: 2
Reputation: 1588
ldap3 contains a specific method for changing AD password, use the following code instead of c.modify():
c.extend.microsoft.modify_password(user, new_password)
Upvotes: 9
Related Questions
- Python 3.5, ldap3 and modify_password()
- Changing Active Directory user password in Python 3.x
- How to change the user password using ldap passwd_s function
- python-ldap login to Active Directory always says Invalid Credentials
- change password with python-ldap
- Update Active Directory Password using ldap python
- How to force user to change password at next logon with ldap3 python module?
- How can I change password for domain user(windows Active Directory) using Python?
- Changing userPassword in OpenLDAP using ldap3 library
- python LDAP modify password