ldap.passwd_s with Active Direcory

Michael Ströder michael at stroeder.com
Thu Aug 6 01:49:01 CEST 2009

Mike.Peters at opengi.co.uk wrote:
> *** ldaps://ad01.demo.local:636 - SimpleLDAPObject.simple_bind ((u'user at ADDEMO', u'secret', None, None),{})

First of all you should not pass Unicode strings to python-ldap. That's not a
problem for the actual values you used though in this example but in general
up to now python-ldap only receives raw strings as arguments.

> In [4]: mod_attrs = [( ldap.MOD_REPLACE, 'unicodePwd', '"password"'.encode('utf-16-le') )]
> In [5]: dn = 'CN=Barney Rubble,OU=Users,OU=ADDEMO,DC=demo,DC=local'
> In [6]: r = l.modify_s(dn, mod_attrs)*** ldaps://ad01.demo.local:636 - SimpleLDAPObject.modify_ext (('CN=Barney Rubble,OU=Users,OU=ADDEMO,DC=demo,DC=local', [(2, 'unicodePwd', '"\x00p\x00a\x00s\x00s\x00w\x00o\x00r\x00d\x00"\x00')], None, None),{})

Unfortunately I can't tell whether
user at ADDEMO and CN=Barney Rubble,OU=Users,OU=ADDEMO,DC=demo,DC=local
are the same AD user entry.

I vaguely remember that when setting your own password you have to explicitly
delete the old one and add the new one. Dig for the MSDN article.

Ciao, Michael.

More information about the python-ldap mailing list