Creating Active Directory Objects

Michael Ströder michael at
Fri Nov 9 10:35:16 CET 2007

Geert Jansen wrote:
> Forget about using LDAP to change a user's password. It can be done but
> it requires 128-bit SSL and so you need to set up certificate services
> and distribute the CA certificate to your client. An easier way is to
> use the Kerberos Set Password protocol (RFC3244). MIT Kerberos 1.3 and
> later support this protocol. Unfortunately there is no command-line
> interface to this call so you need to create a Python extension module
> for wrapping this call.
> My (in progress) project FreeADI contains a wrapper for the Set Password
> call. See the file "/trunk/freeadi/core/_krb5.c" on my Trac page at
> The code is available under the liberal MIT license.

If you're already on that route you might be interested in the
heimdal-wrapper module by Univention. Its license is GPL. Not sure
whether they support the Set Password protocol though.

Ciao, Michael.

More information about the python-ldap mailing list