| bagray 2005-08-04, 12:43 pm |
| I am trying to reset an AD password via LDAP. The documentation reads:
The syntax of the unicodePwd attribute is octet-string; however, the directory service expects that the octet-string will contain a UNICODE string (as the name of the attribute indicates). This means that any values for this attribute passed in LDAP must be UNICODE strings that are BER-encoded (Basic Encoding Rules) as an octet-string. In addition, the UNICODE string must begin and end in quotes that are not part of the desired password.
my code:
use strict;
use warnings;
use Net::LDAP;
use Unicode::String qw(utf8);
use Convert::BER;

my $host  = 'somehost';
my $admin = 'someadmin';
my $pword = 'password';
my $user  = 'CN=someuser,CN=Users,DC=Somewhere,DC=com';

# Quoted new password as UTF-8, then BER-wrapped as a UTF8String
my $newpw = utf8('"newpword"');
my $ber   = Convert::BER->new;
$ber->encode(UTF8String => $newpw) or die;

my $ldap = Net::LDAP->new($host) or die "connect: $@";
$ldap->start_tls();
my $rc = $ldap->bind($admin, password => $pword);
print "bind error " . $rc->error . "\n" if $rc->code;

# Replace unicodePwd with the BER object built above
my $m = $ldap->modify( $user, replace => { unicodePwd => $ber } );
print $m->error . "\n" if $m->code;
$ldap->unbind();
errors with:
0000207E: AtrErr: DSID-031905F5, #1:
0: 0000207E: DSID-031905F5, problem 1006 (ATT_OR_VALUE_EXISTS), data 0, Att 9005a (unicodePwd)
I can set other attributes (non BER encoded UNICODE) so I am sure it is my encoding. Any thoughts would be great. |
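As an added example (not code from the original post or from Net::LDAP's own documentation), this is how the value the quoted documentation describes is produced in Perl: the password is wrapped in double quotes, encoded as UTF-16 little-endian, and handed to Net::LDAP as raw octets, which Net::LDAP BER-encodes itself when it sends the modify. Host, credentials and DN come from hypothetical environment variables; the offline self-check uses a constructed password.

```perl
use strict;
use warnings;
use Encode qw(encode);
use Net::LDAP;
use Net::LDAP::Constant qw(LDAP_SUCCESS);

# Build the octet-string value AD expects in unicodePwd: the password
# wrapped in double quotes (the quotes are not part of the password),
# encoded as UTF-16 little-endian with no byte-order mark. The bytes go
# to Net::LDAP as-is; Net::LDAP performs the BER encoding of the octet
# string when it serialises the modify request, so no Convert::BER step
# is applied by hand. $plain is assumed to be a Perl character string.
sub unicode_pwd {
    my ($plain) = @_;
    return encode('UTF-16LE', '"' . $plain . '"');
}

# Administrative reset: replace unicodePwd for $dn over an already bound
# connection. AD only accepts this attribute over an encrypted session.
sub reset_password {
    my ($ldap, $dn, $plain) = @_;
    my $msg = $ldap->modify($dn, replace => { unicodePwd => unicode_pwd($plain) });
    die "modify failed: " . $msg->error . "\n" if $msg->code != LDAP_SUCCESS;
    return 1;
}

# Offline self-check on a constructed password: "ab" plus the two quotes
# is 4 UTF-16 code units, so 8 bytes: 22 00 61 00 62 00 22 00.
my $bytes = unicode_pwd('ab');
die "length mismatch\n"  unless length($bytes) == 8;
die "content mismatch\n" unless unpack('H*', $bytes) eq '2200610062002200';
print "encoding check passed\n";

# Live run only when placeholder settings are supplied through the
# environment (hypothetical variable names, not from the original post).
if (my $host = $ENV{AD_HOST}) {
    my $ldap = Net::LDAP->new("ldaps://$host") or die "connect: $@";
    my $bind = $ldap->bind($ENV{AD_ADMIN}, password => $ENV{AD_ADMIN_PW});
    die "bind failed: " . $bind->error . "\n" if $bind->code;
    reset_password($ldap, $ENV{AD_USER_DN}, $ENV{AD_NEW_PW});
    $ldap->unbind;
}
```

Run without the environment variables set, the script only performs the offline byte check; with them set it binds over LDAPS and replaces the attribute, which requires an account holding reset-password rights on the target object.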