Re: change passwords via LDAP
From: Jim Mintha (j.t.mintha_at_UVA.NL)
Date: 05/02/03
Date: Fri, 2 May 2003 01:50:23 +0200
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Note to Russ: I have had a lot of requests for the code to set AD
passwords via LDAP. This is my reply, but it is perhaps a bit
offtopic for the list. I will mail to people individually if you
don't think it is appropriate.
----

Here is the code I use to change a password in Active Directory. It
uses the perl-ldap module from http://perl-ldap.sourceforge.net/

It is part of a bigger program that we use to synchronize our LDAP to
Active Directory (one-way synchronization from LDAP to AD, except for
passwords, which are two-way). I have reduced it down to a simple
command line program that reads name & password from stdin. It does a
very simplistic Unicode conversion that will fail for non-ASCII
characters. Feel free to use it for whatever you like.

Example:

    % chg_passwd.pl
    jim supersecret

Code:

    #!/usr/local/bin/perl -w
    use strict;
    use Net::LDAPS;
    use Net::LDAP::Util qw(escape_filter_value);

    my($Ad, $mesg, $uid, $pass, $npass, $dn, $rtn);

    # Read "uid password" from the first line of stdin
    my $line = <STDIN>;
    $line = '' unless defined $line;
    ($uid, $pass) = split(" ", $line);
    if (!defined($uid) or !defined($pass) or ($uid eq '') or ($pass eq '')) {
        print "Uid and/or password missing in input\n";
        exit 1;
    }
    print "Trying to set $uid to password $pass\n";

    # Connect to the AD server over LDAPS
    $Ad = Net::LDAPS->new("dc.test.uva.nl", version => 3);
    if (!$Ad) {
        print "Unable to connect to AD server\n";
        exit 2;
    }

    # bind() always returns a message object, so test its result code
    $mesg = $Ad->bind(dn => "CN=ad,OU=Admin,DC=test,DC=uva,DC=nl",
                      password => "gandalf");
    if ($mesg->code != 0) {
        print "Unable to bind to AD server\n";
        exit 2;
    }

    # Do an AD lookup to get the dn for this user,
    # then change their password.
    # The uid is escaped so it cannot alter the search filter.
    $mesg = $Ad->search(base => "DC=s-res,DC=uva,DC=nl",
                        filter => "cn=" . escape_filter_value($uid));
    if ($mesg->count != 1) {
        print "AD lookup failed for user $uid\n";
        exit 3;
    }

    # Add quotes and convert to Unicode
    # (ASCII only: a NUL is appended to each character)
    $npass = '';
    $npass .= "$_\000" for split(//, "\"$pass\"");

    # Now change it
    $dn = $mesg->entry(0)->dn;
    $rtn = $Ad->modify($dn, replace => { "unicodePwd" => $npass });
    if ($rtn->code != 0) {
        print "User $uid, setting password failed\n";
        exit 2;
    }

    print "Password for $uid changed in AD\n";
    exit 0;

--
Jim Mintha                        Email: j.t.mintha@uva.nl
System Administrator              Work: +31 20 525-4919
Informatiseringscentrum           Home: +31 20 662-3892
University of Amsterdam           Debian GNU/Linux: jmintha@debian.org
_There are always Possibilities_  http://www.mintha.com
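
The conversion in the script appends a NUL to each input character, which equals UTF-16LE only for ASCII input. The following is an added example, not part of the original message: a Python comparison of that conversion with a full UTF-16LE encoding of the quoted password. It assumes the password arrives as UTF-8 bytes, and all function names are illustrative.

```python
# Added example (not from the original message). Function names are
# illustrative. Assumption: the script receives the password as UTF-8 bytes.

def naive_unicode_pwd(password: str) -> bytes:
    """Model of the script: quote, then follow every input byte with NUL."""
    raw = ('"' + password + '"').encode("utf-8")
    return b"".join(bytes([b, 0]) for b in raw)

def unicode_pwd(password: str) -> bytes:
    """Quoted password encoded as UTF-16LE, no byte-order mark."""
    return ('"' + password + '"').encode("utf-16-le")

def decoded_password(value: bytes) -> str:
    """Read a value back as a UTF-16LE consumer would, without the quotes."""
    text = value.decode("utf-16-le")
    if len(text) < 2 or text[0] != '"' or text[-1] != '"':
        raise ValueError("not a quoted UTF-16LE string")
    return text[1:-1]

def compare(password: str) -> dict:
    """Show whether the naive value is the one the user intended."""
    naive, full = naive_unicode_pwd(password), unicode_pwd(password)
    return {
        "ascii_only": password.isascii(),
        "same_bytes": naive == full,
        "naive_reads_as": decoded_password(naive),
        "full_hex": full.hex(),
    }

# Constructed sample passwords: ASCII, Latin-1 range, BMP, and beyond the BMP.
SAMPLES = ["supersecret", "p\u00e4ssword", "p\u20acss", "key\U0001F511"]

if __name__ == "__main__":
    for pw in SAMPLES:
        r = compare(pw)
        print(f"{pw!r}: same_bytes={r['same_bytes']} "
              f"naive_reads_as={r['naive_reads_as']!r} utf16le={r['full_hex']}")
```
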