Change Password on AD via Perl/LDAPS/Convert::BER

jedg has asked for the wisdom of the Perl Monks concerning the following question:

I am having NO luck doing this... I'm hoping to find someone who has SUCCESSFULLY done this. I get the following error when I try:

failed: 19 0000216C: AtrErr: DSID-031D0A99, #1:
        0: 0000216C: DSID-031D0A99, problem 1005 (CONSTRAINT_ATT_TYPE)
+, data 0, Att 9005a (unicodePwd)
 at password.pl line 50
[download]

Here is the code I am using: Thanks for any suggestions/help you could provide.

#!/umr/testbin/perl

$| =1;

use Convert::BER;
use Net::LDAPS;

$ldaps = new Net::LDAPS('srvtst01.cc.umr.edu',
                        port=> '636');

$UserPass="*******";
$UserID="Administrator";

$ADSserver='srvtst01.cc.umr.edu';
$DomainDN=" dc=test, dc=umr, dc=edu";


$UserDN="cn=$UserID, cn=users, " .  $DomainDN;

$ldaps = Net::LDAPS->new($ADSserver) || die "failed: $@";

$mesg = $ldaps->bind( dn =>"$UserDN", password => "$UserPass" );
$mesg->code && die "bind failed: $mesg->error";

$tempDN = "cn=Test2 Edg, cn=Users, " . $DomainDN;


$pwd = new Convert::BER;

$pwd->encode(
       STRING=>"\"hello\"",
#       STRING=>"\x00\"\x00h\x00e\x00l\x00l\x00o\x00\"",
) or die;
$pw = $pwd->buffer;


$mesg = $ldaps->modify(dn => $tempDN,
         changes => [
                   replace => [ unicodePwd => '$pw' ]
         ]
);

$mesg->code && die "failed: ", $mesg->code," ",$mesg->error;
[download]

2001-04-06 Edit by Corion : Removed plaintext password, added CODE tags to error message.

Comment on Change Password on AD via Perl/LDAPS/Convert::BER Select or Download Code

Replies are listed 'Best First'.
Re: Change Password on AD via Perl/LDAPS/Convert::BER by araqnid (Beadle) on Apr 06, 2001 at 04:30 UTC
Do you really mean '$pw' with single quotes? (no quotes should be necessary at all) Also, I've never actually used Convert::BER at this level, I thought Net::LDAP automatically converted strings in the replace() data as necessary. ie. sth like: `$ldaps->modify(dn => $tempDN, changes => [ replace =>[unicodePwd => $pw]]);` [download] Also, I've tended to fetch an entry, call its replace/add methods and then update() it, but that should just fall through to this method...	[reply] [d/l]
Re: Change Password on AD via Perl/LDAPS/Convert::BER by rchiav (Deacon) on Apr 06, 2001 at 20:35 UTC
(After I posted this I kinda realized that you're not running this on a windows box so it's completely usless. I'll leave it for people wondering how to do this on Wintel machines though) Uhmm.. I don't have an answer for your method of doing this, but I thought I'd offer an easier way to change passwords in AD.. as long as you have ADSI installed.. `use strict; use WIN32; use Win32::OLE; my $domain = Win32::DomainName(); chomp (my $user = shift @ARGV); chomp(my $new_pw = shift @ARGV); if (my $objUser = Win32::OLE->GetObject("WinNT://$domain/$user,user")) + { $objUser->SetPassword($new_pw); }` [download] and that's it. It takes the username and new pwd as input. Obviously this hasn't been idiot proofed at all.. but it shows you the functionality of ADSI. But then again, you may have different reasons for not doing it this way. Hope this helps, Rich	[reply] [d/l]


No such thing as a small change
	PerlMonks