Comments on: LDAP-Active Directory authentication, Part 3 http://www.evanhoffman.com/evan/2010/01/08/ldap-active-directory-authentication-part-3/?utm_source=rss&utm_medium=rss&utm_campaign=ldap-active-directory-authentication-part-3 So I can pass it off Sat, 28 Jan 2012 05:15:20 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: evan http://www.evanhoffman.com/evan/2010/01/08/ldap-active-directory-authentication-part-3/#comment-72 evan Sat, 09 Jan 2010 15:11:29 +0000 http://www.evanhoffman.com/evan/?p=309#comment-72 From <a href="http://support.microsoft.com/kb/263991" rel="nofollow">Microsoft</a>: <blockquote>There are two ways to modify the unicodePwd attribute. The first is analogous to a typical user change-password operation. In this case, the modify request must contain both a delete operation and an add operation. The delete operation must contain the current password enclosed in quotation marks and be Base64 encoded as described in RFC 1521. The add operation must contain the new password enclosed in quotation marks and be Base64 encoded.</blockquote> This, however, doesn't work when I bind as the user, only when I bind as an admin. From Microsoft:

There are two ways to modify the unicodePwd attribute. The first is analogous to a typical user change-password operation. In this case, the modify request must contain both a delete operation and an add operation. The delete operation must contain the current password enclosed in quotation marks and be Base64 encoded as described in RFC 1521. The add operation must contain the new password enclosed in quotation marks and be Base64 encoded.

This, however, doesn’t work when I bind as the user, only when I bind as an admin.

]]>