6.18. Setting a User’s Password via LDAP
Problem
You want to set the password for a user using LDAP.
Solution
You have to first enable SSL/TLS support in your Active Directory domain. See Recipe 14.1 for more on this.
You can then set the unicodePwd
attribute of a
user
object using LDAP operations over an SSL or
TLS connection.
The value for the unicodePwd
attribute must be a
Unicode string that is surrounded by quotes and Base64 encoded. See
Recipe 10.4 for more on encoding text with
Base64.
Discussion
The unicodePwd
attribute can be directly modified
over a SSL or TLS connection, but it can never be read.
See Also
Recipe 10.4 for more on Base64 encoding, Recipe 14.1 for enabling SSL/TLS, MS KB 263991 (How to Set a User’s Password with Ldifde), MS KB 264480 (Description of Password-Change Protocols in Windows 2000), and MS KB 269190 (HOWTO: Change a Windows 2000 User’s Password Through LDAP)
Get Active Directory Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.