6.18. Setting a User’s Password via LDAP
Problem
You want to set the password for a user using LDAP.
Solution
You have to first enable SSL/TLS support in your Active Directory domain. See Recipe 14.1 for more on this.
You can then set the unicodePwd attribute of a
user object using LDAP operations over an SSL or
TLS connection.
The value for the unicodePwd attribute must be a
Unicode string that is surrounded by quotes and Base64 encoded. See
Recipe 10.4 for more on encoding text with
Base64.
Discussion
The unicodePwd attribute can be directly modified
over a SSL or TLS connection, but it can never be read.
See Also
Recipe 10.4 for more on Base64 encoding, Recipe 14.1 for enabling SSL/TLS, MS KB 263991 (How to Set a User’s Password with Ldifde), MS KB 264480 (Description of Password-Change Protocols in Windows 2000), and MS KB 269190 (HOWTO: Change a Windows 2000 User’s Password Through LDAP)
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access