Re: change passwords via LDAP

From: Jim Mintha (j.t.minthaUVA.NL)
Date: Thu May 01 2003 - 18:50:23 CDT


Note to Russ: I have had a lot of requests for the code to set AD
passwords via LDAP. This is my reply, but it is perhaps a bit
off-topic for the list. I will mail to people individually if you
don't think it is appropriate.

----

Here is the code I use to change a password in Active Directory. It
uses the perl-ldap module from http://perl-ldap.sourceforge.net/

It is part of a bigger program that we use to synchronize our LDAP to
Active Directory (one-way synchronization from LDAP to AD, except
for passwords, which are two-way). I have reduced it down to a simple
command line program that reads name & password from stdin. It does a
very simplistic Unicode conversion that will fail for non-ASCII
characters. Feel free to use it for whatever you like.

Example:

% chg_passwd.pl
jim supersecret

Code:

#!/usr/local/bin/perl -w

use strict;
use Net::LDAPS;
use Net::LDAP::Util qw(escape_filter_value);

my($Ad, $mesg, $uid, $pass, $npass, $dn, $rtn, $line);

# Read "uid password" from stdin; guard against an empty stdin
$line = <STDIN>;
($uid, $pass) = defined($line) ? split(" ", $line) : ();

if (!defined($uid) or $uid eq '' or !defined($pass) or $pass eq '') {
    print "Uid and/or password missing in input\n";
    exit 1;
}

print "Trying to set $uid to password $pass\n";

# Bind to the AD server. AD only accepts unicodePwd changes over an
# encrypted (LDAPS, or signed and sealed) connection, hence Net::LDAPS.
# "print LIST, exit" would run exit before print, so use a do-block.
$Ad = Net::LDAPS->new("dc.test.uva.nl", version => 3)
  or do { print "Unable to connect to AD server\n"; exit 2 };

# bind() always returns a message object (true), so check its result code
$mesg = $Ad->bind(dn       => "CN=ad,OU=Admin,DC=test,DC=uva,DC=nl",
                  password => "gandalf");
if ($mesg->code) {
    print "Unable to bind to AD server: ", $mesg->error, "\n";
    exit 2;
}

# Do an AD lookup to get the dn for this user,
# then change their password. Escape the uid so it cannot
# alter the filter, and insist on exactly one match.

$mesg = $Ad->search(base   => "DC=s-res,DC=uva,DC=nl",
                    filter => "(cn=" . escape_filter_value($uid) . ")");
if ($mesg->code or $mesg->count != 1) {
    print "AD lookup failed for user $uid\n";
    exit 3;
}

# Add quotes and "uniCode": AD wants the quoted password as UTF-16LE.
# Appending a NUL after every byte gives that only for ASCII passwords.
$npass = join '', map { "$_\000" } split(//, "\"$pass\"");

# Now change it
$dn = $mesg->entry(0)->dn;

$rtn = $Ad->modify($dn, replace => { "unicodePwd" => $npass });
if ($rtn->code) {
    print "User $uid, setting password failed: ", $rtn->error, "\n";
    exit 2;
}

$Ad->unbind;
print "Password for $uid changed in AD\n";
exit 0;

--
Jim Mintha Email: j.t.minthauva.nl
System Administrator Work: +31 20 525-4919
Informatiseringscentrum Home: +31 20 662-3892
University of Amsterdam Debian GNU/Linux: jminthadebian.org
_There are always Possibilities_ http://www.mintha.com
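The unicodePwd encoding the script relies on, as an added example that is not part of Jim's post or the perl-ldap module: it builds the attribute value correctly for any Unicode password (the NUL-padding above only works for ASCII), and shows both the administrative "replace" and the user self-service "delete old, add new" modify forms. It uses only the Python standard library; function names and the sample DN are my own, and the actual modify must be sent over LDAPS or a signed/sealed connection with whichever LDAP client you use.

```python
"""Build Active Directory unicodePwd values and the modify requests for them."""
import base64


def unicode_pwd(password: str) -> bytes:
    """Encode a password the way AD expects in unicodePwd: the cleartext
    wrapped in ASCII double quotes, then UTF-16LE, no BOM, no terminator."""
    return f'"{password}"'.encode("utf-16-le")


def naive_unicode_pwd(password_utf8: bytes) -> bytes:
    """Emulate the Perl script's conversion: every *byte* of the quoted
    UTF-8 string followed by a NUL. Identical to unicode_pwd() for pure
    ASCII input, wrong for anything else."""
    return b"".join(bytes([b, 0]) for b in b'"' + password_utf8 + b'"')


def admin_reset_modlist(password: str):
    """Administrative reset: one 'replace' of unicodePwd. The binding
    account needs the 'Reset Password' right on the target object and
    the old password is not checked."""
    return [("replace", "unicodePwd", [unicode_pwd(password)])]


def self_change_modlist(old_password: str, new_password: str):
    """User changing their own password: delete the old value and add the
    new one in a single modify, so the DC verifies the old password and
    applies the password policy."""
    return [("delete", "unicodePwd", [unicode_pwd(old_password)]),
            ("add", "unicodePwd", [unicode_pwd(new_password)])]


def to_ldif(dn: str, modlist) -> str:
    """Render the modify as LDIF. unicodePwd is binary, so the value is
    written base64-encoded with the '::' separator."""
    lines = [f"dn: {dn}", "changetype: modify"]
    for op, attr, values in modlist:
        lines.append(f"{op}: {attr}")
        for value in values:
            lines.append(f"{attr}:: {base64.b64encode(value).decode('ascii')}")
        lines.append("-")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample DN, not a real directory object
    print(to_ldif("CN=jim,OU=Users,DC=example,DC=test",
                  admin_reset_modlist("supersecret")))
```

For a pure-ASCII password the two encoders agree, which is why the Perl script works in practice; feed it a password containing "ä" and the DC receives a different value from the one the user will later type.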
