Re: change passwords via LDAP

From: Jim Mintha (j.t.mintha_at_UVA.NL)
Date: 05/01/03

    Date:         Thu, 1 May 2003 15:52:29 +0200
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    On Wed, Apr 30, 2003 at 10:26:06PM -0700, Gabriel Kuri wrote:
    > Windows 2000 Server has the ability to change user's passwords
    > in Active Directory via the LDAP interface. However, we've found this
    > functionality was broken in a patch Microsoft released
    > that is associated with security bulletin MS01-036,
    > and then later superseded by MS02-016.

    It seems to still work for us. We use perl with the perl-ldap
    libraries. Basically we do:

    - Bind to AD with an administrator account using SSL (ldap v3)
    - do a lookup on the user
    - encode the new password using unicode
    - do a replace on the unicodePwd field

    Just checked it and it still works on a machine that has all current
    patches (SP3 +)

    Let me know if you would like to see the code. Apologies if I missed
    something - I'm just a Unix guy :)

    Jim

    --
    Jim Mintha                                       Email: j.t.mintha@uva.nl
    System Administrator                              Work: +31 20 525-4919
    Informatiseringscentrum                           Home: +31 20 662-3892
    University of Amsterdam               Debian GNU/Linux: jmintha@debian.org
    _There are always Possibilities_                  http://www.mintha.com
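
The four steps listed in the message above, written out with perl-ldap (Net::LDAPS) as an added example; it is not the code from the original post. The host, DNs, CA file path and the hash keys passed to `reset_password` are assumptions, and the quoted UTF-16LE form is the encoding Active Directory expects for `unicodePwd`.

```perl
#!/usr/bin/perl
# Added example: administrative password reset in Active Directory over LDAPS.
# All connection values (host, DNs, CA file) are supplied by the caller and
# are assumptions of this sketch, not values from the original message.
use strict;
use warnings;
use Net::LDAPS;
use Net::LDAP::Util qw(escape_filter_value);
use Encode qw(encode);

# unicodePwd takes the password wrapped in double quotes and encoded as
# UTF-16LE with no byte-order mark ('UTF-16LE', unlike 'UTF-16', adds no BOM).
sub encode_unicode_pwd {
    my ($plain) = @_;
    return encode('UTF-16LE', qq{"$plain"});
}

sub reset_password {
    my (%a) = @_;

    # Step 1: bind as an administrator over SSL, verifying the DC certificate.
    my $ldap = Net::LDAPS->new($a{host}, port => 636, version => 3,
                               verify => 'require', cafile => $a{cafile})
        or die "connect failed: $@\n";
    my $mesg = $ldap->bind($a{bind_dn}, password => $a{bind_pw});
    die 'bind failed: ' . $mesg->error . "\n" if $mesg->code;

    # Step 2: look up the user; escape the name so it cannot alter the filter.
    my $filter = '(&(objectClass=user)(sAMAccountName='
               . escape_filter_value($a{user}) . '))';
    $mesg = $ldap->search(base => $a{base}, scope => 'sub',
                          filter => $filter, attrs => ['1.1']);
    die 'search failed: ' . $mesg->error . "\n" if $mesg->code;
    die "expected exactly one entry for $a{user}\n" unless $mesg->count == 1;
    my $dn = $mesg->entry(0)->dn;

    # Steps 3 and 4: encode the new password and replace unicodePwd.
    $mesg = $ldap->modify($dn,
        replace => { unicodePwd => encode_unicode_pwd($a{new_pw}) });
    die 'modify failed: ' . $mesg->error . "\n" if $mesg->code;

    $ldap->unbind;
    return $dn;
}

# Offline check of the encoding only (constructed sample value, no server
# contacted): prints the hex of the bytes that would be sent as unicodePwd.
print unpack('H*', encode_unicode_pwd('Ab1!')), "\n";
```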