directory-api mailing list archives

From "Myrtil, Benson" <bmyr...@charterschoolsusa.com>
Subject Re: Updating unicodePwd
Date Wed, 17 Jun 2015 17:57:33 GMT
Very nice article. I have been googling for 3 days now and didn’t find that one. However, I am
still getting the same issue. Below is how I am handling the password.

password = "FakePasswordTest";
quotedPassword = '"' & password & '"';
bytePassword = quotedPassword.getBytes("UTF-16LE");
toBase64 = toBase64(bytePassword);

I verified the complexity on the AD server only requires a minimum of 8 characters. No other
constraints exist. I read that the password had to be changed to base64 after getting the
bytes so I tried that way as well. Neither works.

On Jun 17, 2015, at 1:44 PM, Richard Sand <rsand@idfconnect.com> wrote:

There is something else you are missing that AD requires in addition to the SSL - it is very
finicky about setting the password, and I've seen many times where create-user succeeds but
setting the password fails.

Are you properly encoding the password attribute? UTF-16 and quoted?

Here's a good article to reference I just googled:

http://www.dirmgr.com/blog/2010/8/26/ldap-password-changes-in-active-directory.html

Hope this helps...

R-Richard

Myrtil, Benson <bmyrtil@charterschoolsusa.com>
June 17, 2015 at 12:57 PM
Does anyone have any working code for updating the unicodePwd?

connectionConfig.setLdapHost( server );
connectionConfig.setLdapPort( 636 );
connectionConfig.setName( username );
connectionConfig.setCredentials( password );
connectionConfig.setUseSsl( 1 );
connectionConfig.setSslProtocol( "SSLv3" );

I can bind just fine and create an account, but when I try to update the password I get the
following error:

Messages: 0000001F: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0

I'm pretty sure the password encoding is correct because I took an example straight from the
Tech Microsoft site. Any ideas?
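
Added example, not part of the thread and not code from either poster: a JDK-only check of the byte layout discussed above, where Active Directory accepts unicodePwd only as the password wrapped in double quotes and encoded as UTF-16LE, sent as a raw binary value over the protected connection. The class and method names are hypothetical; the sample password is the one quoted in the thread.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class UnicodePwdCheck {

    // Value AD accepts: the password in double quotes, UTF-16LE, no byte-order mark.
    static byte[] encode(String password) {
        return ("\"" + password + "\"").getBytes(StandardCharsets.UTF_16LE);
    }

    // True when v begins and ends with a UTF-16LE double quote (0x22 0x00).
    static boolean isQuotedUtf16le(byte[] v) {
        int n = v.length;
        return n >= 4 && n % 2 == 0
            && v[0] == 0x22 && v[1] == 0 && v[n - 2] == 0x22 && v[n - 1] == 0;
    }

    // Names the first problem found in a candidate unicodePwd value, or "ok".
    static String diagnose(byte[] v) {
        if (isQuotedUtf16le(v)) return "ok";
        if (v.length >= 2) {
            int b0 = v[0] & 0xFF, b1 = v[1] & 0xFF;
            if ((b0 == 0xFE && b1 == 0xFF) || (b0 == 0xFF && b1 == 0xFE))
                return "byte-order mark present: use UTF-16LE, not UTF-16";
        }
        try {
            if (isQuotedUtf16le(Base64.getDecoder().decode(v)))
                return "Base64 text: send the raw bytes (Base64 is only for LDIF)";
        } catch (IllegalArgumentException notBase64) {
            // not Base64 at all; fall through to the remaining checks
        }
        if (v.length >= 2 && v[0] == 0x22 && v[v.length - 1] == 0x22)
            return "quoted but single-byte (UTF-8/ASCII): encode as UTF-16LE";
        return "not a double-quoted UTF-16LE string";
    }

    public static void main(String[] args) {
        String quoted = "\"FakePasswordTest\""; // sample password from the thread
        byte[][] candidates = {
            encode("FakePasswordTest"),                             // correct form
            quoted.getBytes(StandardCharsets.UTF_16),               // adds a BOM
            Base64.getEncoder().encode(encode("FakePasswordTest")), // Base64 on top
            quoted.getBytes(StandardCharsets.UTF_8),                // wrong charset
            "FakePasswordTest".getBytes(StandardCharsets.UTF_16LE), // quotes missing
        };
        for (byte[] c : candidates) System.out.println(diagnose(c));
    }
}
```

Only the first candidate is a value the server will accept; the byte array returned by `encode` is what belongs in the replace modification on unicodePwd.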


