Comments on: Victory! Change Active Directory Password via LDAP through browser http://www.evanhoffman.com/evan/2010/01/13/victory-change-active-directory-password-via-ldap-through-browser/ When 3-nines uptime is just way too much. Sun, 05 Sep 2010 23:21:00 +0000 hourly 1 http://wordpress.org/?v=3.0.1 By: evan http://www.evanhoffman.com/evan/2010/01/13/victory-change-active-directory-password-via-ldap-through-browser/comment-page-1/#comment-438 evan Tue, 30 Mar 2010 18:54:53 +0000 http://www.evanhoffman.com/evan/?p=321#comment-438 Actually, I tried a bunch of different things and some of them worked "halfway." I sent raw LDIF records directly to the AD server and that worked, so I assumed there had to be some way to do it via code, even if it came down to opening a raw socket. The Perl script I have in use does work though, with the "modify" command. I think as long as the delete/add takes place in a single transaction (and you provide the old password) it does work. The problem with PHP, iirc, was that it implemented the delete/add as two separate operations. Actually, I tried a bunch of different things and some of them worked “halfway.” I sent raw LDIF records directly to the AD server and that worked, so I assumed there had to be some way to do it via code, even if it came down to opening a raw socket. The Perl script I have in use does work though, with the “modify” command. I think as long as the delete/add takes place in a single transaction (and you provide the old password) it does work. The problem with PHP, iirc, was that it implemented the delete/add as two separate operations.

]]> By: Jason Fried http://www.evanhoffman.com/evan/2010/01/13/victory-change-active-directory-password-via-ldap-through-browser/comment-page-1/#comment-437 Jason Fried Tue, 30 Mar 2010 18:05:33 +0000 http://www.evanhoffman.com/evan/?p=321#comment-437 Instead of using charmap. you can convert the password to UTF16 Little Endian in a simple fashion using just Unicode::String my $UTF16pass = Unicode::String::utf8("\"$password\"")->utf16le(); Which makes more sense than byte swap. Does the modify method work for password reset? I found that i had to use an admin account with replace to get it to work. And most sites I saw said the modify method was broken with Active Directory. Instead of using charmap. you can convert the password to UTF16 Little Endian in a simple fashion using just Unicode::String

my $UTF16pass = Unicode::String::utf8(“\”$password\”")->utf16le();

Which makes more sense than byte swap.

Does the modify method work for password reset?
I found that i had to use an admin account with replace to get it to work. And most sites I saw said the modify method was broken with Active Directory.

]]>