Reputation: 671
Python 3.5, ldap3 and modify_password()
I've been pulling my hair out trying to send a request to update my own password via a script. here is the code:
#!/usr/bin/python3.5
from ldap3 import Server, Connection, NTLM, ALL
server = Server('ldap://192.168.0.80', use_ssl=True)
conn = Connection(server, user="local\\dctest", password="Pa55word1", authentication=NTLM, auto_bind=True)
dn = "CN=dctest,CN=Users,DC=home,DC=local"
conn.extend.microsoft.modify_password(dn, new_password="Pa55word2", old_password="Pa55word1")
The error that i get is:
{'dn': '', 'type': 'modifyResponse', 'description': 'unwillingToPerform', 'referrals': None, 'result': 53, 'message': '00002077: SvcErr: DSID-03190E44, problem 5003 (WILL_NOT_PERFORM), data 0\n\x00'}
Any idea what I'm doing wrong?
I have full access to the DC and I've made sure that the passwords are correct etc. I've read all the docs and just can't get my head around it.
any help would be great!!
Upvotes: 1
Views: 6321
Answers (5)
Reputation: 1
Add the following snippet before making the request to AD:
conn.start_tls()
Upvotes: 0
Reputation: 671
OK thank you to everyone for your help, and the developers on github.
the code i used to make this work in the end was...
from ldap3 import Server, Connection
server = Server('ldaps://<AD server address>', use_ssl=True)
conn = Connection(server, user="<domain>\\<username>", password="<current password>", auto_bind=True)
dn = 'CN=<username>,OU=Users,DC=<dominaname>'
res = conn.extend.microsoft.modify_password(dn, old_password='<current password>', new_password='<new password>')
print(res)
Thought i'd post the working solution as there doesn't seem to be any on the internets!! God speed my fellow devops people.
Upvotes: 1
Reputation: 1196
ldap3.modify_password() as of version 0.9.4.2 doesn't work with Active Directory, because it uses the Password Modify Extended Operation, which isn't supported by AD. MS found a way to do things different with AD, it seems. The ldap3 author (cannatag) was aware of this and added ad_modify_password() shortly after. You'll have to use a newer release of ldap3.
Upvotes: 2
Reputation: 1
Which version of ldap3 are you using? From the source code of ldap3 version 2.2 it would seem to me that the function should be use in a similar way:
#!/usr/bin/python3.5
from ldap3 import Server, Connection, NTLM, ALL
server = Server('ldap://192.168.0.80', use_ssl=True)
conn = Connection(server, user="local\\dctest", password="Pa55word1", authentication=NTLM, auto_bind=True)
res = ldap3.extend.microsoft.modifyPassword(conn, user, "new_Pa55word2", "old_Pa55word1")
Upvotes: 0
Reputation: 1588
Try with ldaps:// instead of ldap://. or dont use the scheme at all and pass use_ssl=True in the Server definition. AD connection must use ssl to modify the password.
Upvotes: 0
Related Questions
- Changing Active Directory user password in Python 3.x
- Unable to change user's password via ldap3 Python3
- LDAP modify password
- Facing Issues with LDAP-Login when using in Python
- change password with python-ldap
- How to authenticate LDAP properly?
- How to force user to change password at next logon with ldap3 python module?
- Python ldap3 rebind method doesn't raise error
- Changing userPassword in OpenLDAP using ldap3 library
- python LDAP modify password