Return-Path: 
 <api-return-678-apmail-directory-api-archive=directory.apache.org@directory.apache.org>
X-Original-To: apmail-directory-api-archive@minotaur.apache.org
Delivered-To: apmail-directory-api-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 2693A185BA
	for <apmail-directory-api-archive@minotaur.apache.org>;
 Wed, 17 Jun 2015 17:55:10 +0000 (UTC)
Received: (qmail 42444 invoked by uid 500); 17 Jun 2015 17:55:10 -0000
Delivered-To: apmail-directory-api-archive@directory.apache.org
Received: (qmail 42424 invoked by uid 500); 17 Jun 2015 17:55:10 -0000
Mailing-List: contact api-help@directory.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:api-help@directory.apache.org>
List-Unsubscribe: <mailto:api-unsubscribe@directory.apache.org>
List-Post: <mailto:api@directory.apache.org>
List-Id: <api.directory.apache.org>
Reply-To: api@directory.apache.org
Delivered-To: mailing list api@directory.apache.org
Received: (qmail 42412 invoked by uid 99); 17 Jun 2015 17:55:09 -0000
Received: from Unknown (HELO spamd2-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 17 Jun 2015 17:55:09 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org)
 with ESMTP id 595D01A5BCC
	for <api@directory.apache.org>; Wed, 17 Jun 2015 17:55:09 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: 2.99
X-Spam-Level: **
X-Spam-Status: No, score=2.99 tagged_above=-999 required=6.31
	tests=[HTML_MESSAGE=3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01,
	URIBL_BLOCKED=0.001] autolearn=disabled
Received: from mx1-us-west.apache.org ([10.40.0.8])
	by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new,
 port 10024)
	with ESMTP id 0MM_t1YOyYei for <api@directory.apache.org>;
	Wed, 17 Jun 2015 17:55:01 +0000 (UTC)
Received: from HQMS2.CSHQ.internal (mail.charterschoolsusa.com
 [209.255.166.100])
	by mx1-us-west.apache.org (ASF Mail Server at mx1-us-west.apache.org) with
 ESMTPS id B5299216F2
	for <api@directory.apache.org>; Wed, 17 Jun 2015 17:55:00 +0000 (UTC)
Received: from HQMS2.CSHQ.internal ([fe80::f133:794b:d4ba:db71]) by
 HQMS2.CSHQ.internal ([fe80::f133:794b:d4ba:db71%11]) with mapi id
 14.01.0355.002; Wed, 17 Jun 2015 13:57:34 -0400
From: "Myrtil, Benson" <bmyrtil@charterschoolsusa.com>
To: "api@directory.apache.org" <api@directory.apache.org>
Subject: Re: Updating unicodePwd
Thread-Topic: Updating unicodePwd
Thread-Index: AQHQqR6ptESLRz7J+E6Cd+65lPaGuJ2xO06AgAAC7gA=
Date: Wed, 17 Jun 2015 17:57:33 +0000
Message-ID: <37F88697-72C4-49D1-949F-B01DC048F450@charterschoolsusa.com>
References: <1F44391B-94BB-47BF-8084-769FA1AC26D2@charterschoolsusa.com>
 <5581B1F7.5030000@idfconnect.com>
In-Reply-To: <5581B1F7.5030000@idfconnect.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
x-originating-ip: [10.1.1.26]
Content-Type: multipart/related;
	boundary="_004_37F8869772C449D1949FB01DC048F450charterschoolsusacom_";
	type="multipart/alternative"
MIME-Version: 1.0

--_004_37F8869772C449D1949FB01DC048F450charterschoolsusacom_
Content-Type: multipart/alternative;
	boundary="_000_37F8869772C449D1949FB01DC048F450charterschoolsusacom_"

--_000_37F8869772C449D1949FB01DC048F450charterschoolsusacom_
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

Very nice article. I been googling for 3 days now and didn=92t find that on=
e. However, I am still getting the same issue. Below is how I am handling t=
he password.

password =3D =93FakePasswordTest=94;
quotedPassword =3D '"' & password & '"';
bytePassword =3D quotedPassword.getBytes("UTF-16LE");
toBase64 =3D toBase64(bytePassword);

I verified the complexity on the AD server only requires a minimum of 8 cha=
racters. No other constraints exist. I read that the password had to be cha=
nged to base64 after getting the bytes so I tried that way as well. Neither=
 works.

On Jun 17, 2015, at 1:44 PM, Richard Sand <rsand@idfconnect.com<mailto:rsan=
d@idfconnect.com>> wrote:

There is something else you are missing that AD requires in addition to the=
 SSL - it is very finicky about setting the password, and I've seen many ti=
mes where create-user succeeds but setting the password fails.

Are you properly encoding the password attribute? UTF-16 and quoted?

Here's a good article to reference I just googled:

http://www.dirmgr.com/blog/2010/8/26/ldap-password-changes-in-active-direct=
ory.html

Hope this helps...

R-Richard

[cid:part1.04010300.09020507@idfconnect.com]
Myrtil, Benson<mailto:bmyrtil@charterschoolsusa.com>
June 17, 2015 at 12:57 PM
Does any one have any working code of updating the unicodePwd.

connectionConfig.setLdapHost( server );
connectionConfig.setLdapPort( 636 );
connectionConfig.setName( username );
connectionConfig.setCredentials( password );
connectionConfig.setUseSsl( 1 );
connectionConfig.setSslProtocol( "SSLv3" );

I can bind just fine and create an account but when i try to update the pas=
sword I get the follow error:

Messages: 0000001F: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM),=
 data 0

Im pretty sure the password encoding is correct because i took an example s=
traight from the Tech Microsoft site. Any ideas?



--_000_37F8869772C449D1949FB01DC048F450charterschoolsusacom_
Content-Type: text/html; charset="Windows-1252"
Content-ID: <AC4BDA9649F4DC4885366338C572DA1C@charterschoolsusa.com>
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DWindows-1=
252">
</head>
<body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-lin=
e-break: after-white-space;">
<div apple-content-edited=3D"true">
<div style=3D"color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; t=
ext-align: start; text-indent: 0px; text-transform: none; white-space: norm=
al; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-w=
rap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-=
space;">
Very nice article. I been googling for 3 days now and didn=92t find that on=
e. However, I am still getting the same issue. Below is how I am handling t=
he password.</div>
<div style=3D"color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; t=
ext-align: start; text-indent: 0px; text-transform: none; white-space: norm=
al; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-w=
rap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-=
space;">
<br>
</div>
<div style=3D"color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; t=
ext-align: start; text-indent: 0px; text-transform: none; white-space: norm=
al; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-w=
rap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-=
space;">
password =3D =93FakePasswordTest=94;</div>
<div style=3D"color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; t=
ext-align: start; text-indent: 0px; text-transform: none; white-space: norm=
al; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-w=
rap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-=
space;">
<div style=3D"margin: 0px; font-size: 11px; font-family: Monaco;">quotedPas=
sword =3D <span style=3D"color: #009193">
'&quot;'</span> &amp; password &amp; <span style=3D"color: #009193">'&quot;=
'</span>;</div>
<div style=3D"margin: 0px; font-size: 11px; font-family: Monaco;">bytePassw=
ord =3D quotedPassword.getBytes(<span style=3D"color: rgb(0, 145, 147);">&q=
uot;UTF-16LE&quot;</span>);</div>
<div style=3D"margin: 0px; font-size: 11px; font-family: Monaco;">toBase64 =
=3D toBase64(bytePassword);</div>
<div style=3D"margin: 0px; font-size: 11px; font-family: Monaco;"><br>
</div>
<div style=3D"margin: 0px; font-size: 11px; font-family: Monaco;">I verifie=
d the complexity on the AD server only requires a minimum of 8 characters. =
No other constraints exist. I read that the password had to be changed to b=
ase64 after getting the bytes so I
 tried that way as well. Neither works.</div>
</div>
</div>
<br>
<div>
<div>On Jun 17, 2015, at 1:44 PM, Richard Sand &lt;<a href=3D"mailto:rsand@=
idfconnect.com">rsand@idfconnect.com</a>&gt; wrote:</div>
<br class=3D"Apple-interchange-newline">
<blockquote type=3D"cite">
<div bgcolor=3D"#FFFFFF" text=3D"#000000">There is something else you are m=
issing that AD requires in addition to the SSL - it is very finicky about s=
etting the password, and I've seen many times where create-user succeeds bu=
t setting the password fails.<br>
<br>
Are you properly encoding the password attribute? UTF-16 and quoted?<br>
<br>
Here's a good article to reference I just googled:<br>
<br>
<a class=3D"moz-txt-link-freetext" href=3D"http://www.dirmgr.com/blog/2010/=
8/26/ldap-password-changes-in-active-directory.html">http://www.dirmgr.com/=
blog/2010/8/26/ldap-password-changes-in-active-directory.html</a><br>
<br>
Hope this helps...<br>
<br>
R-Richard<br>
<br>
<blockquote style=3D"border: 0px none;" cite=3D"mid:1F44391B-94BB-47BF-8084=
-769FA1AC26D2@charterschoolsusa.com" type=3D"cite">
<div style=3D"margin:30px 25px 10px 25px;" class=3D"__pbConvHr">
<div style=3D"display:table;width:100%;border-top:1px solid=20
#EDEEF0;padding-top:5px">
<div style=3D"display:table-cell;vertical-align:middle;padding-right:6px;">=
<img photoaddress=3D"bmyrtil@charterschoolsusa.com" photoname=3D"Myrtil, Be=
nson" name=3D"compose-unknown-contact.jpg" height=3D"25px" width=3D"25px" a=
pple-inline=3D"yes" id=3D"3F9DA538-0D35-4CD2-AB8D-882F1F1D362B" src=3D"cid:=
part1.04010300.09020507@idfconnect.com"></div>
<div style=3D"display:table-cell;white-space:nowrap;vertical-align:middle;w=
idth:100%">
<a moz-do-not-send=3D"true" href=3D"mailto:bmyrtil@charterschoolsusa.com" s=
tyle=3D"color:#737F92=20
!important;padding-right:6px;font-weight:bold;text-decoration:none=20
!important;">Myrtil, Benson</a></div>
<div style=3D"display:table-cell;white-space:nowrap;vertical-align:middle;"=
><font color=3D"#9FA2A5"><span style=3D"padding-left:6px">June 17, 2015 at =
12:57 PM</span></font></div>
</div>
</div>
<div style=3D"color:#888888;margin-left:24px;margin-right:24px;" __pbrmquot=
es=3D"true" class=3D"__pbConvBody">
Does any one have any working code of updating the unicodePwd.<br>
<br>
connectionConfig.setLdapHost( server );<br>
connectionConfig.setLdapPort( 636 );<br>
connectionConfig.setName( username );<br>
connectionConfig.setCredentials( password );<br>
connectionConfig.setUseSsl( 1 );<br>
connectionConfig.setSslProtocol( &quot;SSLv3&quot; );<br>
<br>
I can bind just fine and create an account but when i try to update the pas=
sword I get the follow error:<br>
<br>
Messages: 0000001F: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM),=
 data 0<br>
<br>
Im pretty sure the password encoding is correct because i took an example s=
traight from the Tech Microsoft site. Any ideas?<br>
<br>
</div>
</blockquote>
</div>
</blockquote>
</div>
<br>
</body>
</html>

--_000_37F8869772C449D1949FB01DC048F450charterschoolsusacom_--

--_004_37F8869772C449D1949FB01DC048F450charterschoolsusacom_--