Change password

Michael Ströder michael at stroeder.com
Tue Sep 16 08:14:17 CEST 2008


Jonathan Hansen wrote:
> Does anyone have a working password change script for active directory  
> server that will run on Linux?

My web2ldap implements it. But it's not a small script. Depending on
your use-case you might consider deploying web2ldap though. At least for
learning how the data looks like it would be useful.

I see three issues here:

> *** ldap://my.ldap.server:389 - SimpleLDAPObject.search_ext  
> (('cn=Users,my.dc', 2, '(objectClass=user)(mail=*)', ['*'], 0, None,  
              ^^^^^
1. This is not a valid DN. With AD it should rather look like

cn=Users,dc=my,dc=domain

> *** ldap://my.ldap.server:389 - SimpleLDAPObject.result3 ((2, 1, -1),{})
> => LDAPError - SERVER_DOWN: {'info': '', 'desc': "Can't contact LDAP  
> server"}

2. This error code means the LDAP server wasn't reachable at all.

3. Also note that for chaning the AD password (attribute unicodePwd) you
have to use SSL. So your connection URI has to look like this:

ldaps://my.ldap.server:636

See Demo/initialize.py how to set the SSL/TLS-related options.

Ciao, Michael.




More information about the python-ldap mailing list