Re: change passwords via LDAP

From: Jim Mintha (j.t.mintha_at_UVA.NL)
Date: 05/01/03

    Date:         Thu, 1 May 2003 15:52:29 +0200
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    On Wed, Apr 30, 2003 at 10:26:06PM -0700, Gabriel Kuri wrote:
    > Windows 2000 Server has the ability to change user's passwords
    > in Active Directory via the LDAP interface. However, we've found this
    > functionality was broken in a patch Microsoft released
    > that is associated with security bulletin MS01-036,
    > and then later superseded by MS02-016.

    It seems to still work for us. We use perl with the perl-ldap
    libraries. Basically we do:

    - Bind to AD with an administrator account using SSL (ldap v3)
    - do a lookup on the user
    - encode the new password using unicode
    - do a replace on the unicodePwd field

    Just checked it and it still works on a machine that has all current
    patches (SP3 +)

    Let me know if you would like to see the code. Apologies if I missed
    something - I'm just a Unix guy :)

    Jim

    --
    Jim Mintha                                       Email: j.t.mintha@uva.nl
    System Administrator                              Work: +31 20 525-4919
    Informatiseringscentrum                           Home: +31 20 662-3892
    University of Amsterdam               Debian GNU/Linux: jmintha@debian.org
    _There are always Possibilities_                  http://www.mintha.com
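
The lookup, encode and replace steps listed in the message, as an added example in Python; it is not the poster's Perl code, which does not appear on this page. It escapes the account name for the search filter, builds the unicodePwd value in the form Active Directory expects (the password in double quotes, encoded as UTF-16LE), and emits the replace as an LDIF change record. The function names, the sAMAccountName lookup and the sample DN and password are assumptions made for the example.

```python
import base64

# RFC 4515: characters that must be escaped inside a search-filter value.
_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def user_filter(account: str) -> str:
    """Filter for the lookup step; escaping keeps input from rewriting it."""
    escaped = "".join(_ESC.get(ch, ch) for ch in account)
    return f"(&(objectClass=user)(sAMAccountName={escaped}))"


def encode_unicode_pwd(password: str) -> bytes:
    """Password wrapped in double quotes, then UTF-16LE without a BOM."""
    return f'"{password}"'.encode("utf-16-le")


def ldif_line(name: str, value: bytes) -> str:
    """Emit 'name: value', or base64 'name:: ...' when RFC 2849 requires it."""
    safe = (
        all(0 < b < 128 and b not in (10, 13) for b in value)
        and value[:1] not in (b" ", b":", b"<")
        and not value.endswith(b" ")
    )
    if safe:
        return f"{name}: {value.decode('ascii')}\n"
    return f"{name}:: {base64.b64encode(value).decode('ascii')}\n"


def reset_ldif(user_dn: str, new_password: str) -> str:
    """Change record for the administrative replace on unicodePwd."""
    return (
        ldif_line("dn", user_dn.encode("utf-8"))
        + "changetype: modify\n"
        + "replace: unicodePwd\n"
        + ldif_line("unicodePwd", encode_unicode_pwd(new_password))
        + "-\n"
    )


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    print(user_filter("jdoe*"))
    print(reset_ldif("CN=Test User,OU=Staff,DC=example,DC=test", "N3w-Passw0rd!"), end="")
```

Active Directory accepts a write to unicodePwd only over an encrypted connection, which matches the SSL bind in the first step of the message.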
    
