ldap.passwd_s with Active Direcory

Michael Ströder michael at stroeder.com
Tue Aug 4 18:28:57 CEST 2009

Mike.Peters at opengi.co.uk wrote:
> I'm not sure if this is the right place for this query, but I couldn't
> find a python-LDAP-Users list.
> I'm trying to modify a user's password on an Windows 2003 Active
> directory using passwd_s, however the server is returning the following
> error:
> {'info': '0000203D: LdapErr: DSID-0C090C7D, comment: Unknown extended
> request OID, data 0, vece', 'desc': 'Protocol error'}
> I realise this is a server configuration thing as opposed to a
> python-ldap issue, but google hasn't been any help so far. Does anyone
> here know what it is I need to enable/change in order to get it to work?

This is because Windows 2003 AD does not support the LDAP Password Modify
Extended Operation (see RFC 3062).

> The connection is using ldaps:// on port 636 and I can search the AD and
> modify other values eg givenName etc, just not passwords, and I'm
> binding as domain administrator.

There's a MSDN article about how to set attribute unicodePwd via LDAP in AD.

Ciao, Michael.

More information about the python-ldap mailing list