This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links
Passwords Using LDIF
Passwords Using LDIF

Version management

Difference between version and

At line 1 added 66 lines
!!! Overview
Use an LDIF to change the user's [userPassword]:
For Microsoft Active Directory you would need to [Enable UserPassword in Microsoft Active Directory]
!! [Examples]
[LDIF] [Password Change]
{{{
dn: CN=John Smith, OU=Users,DC=Fabrikam,DC=com
changetype: modify
delete: userPassword
userPassword: oldPassword
-
add: userPassword
userPassword: newPassword
}}}
The following example uses [LDIF] to perform a [Password Reset] to newPassword.
{{{
dn: CN=John Smith, OU=Users,DC=Fabrikam,DC=com
changetype: modify
replace: userPassword
userPassword: newPassword
-
}}}
!! For [UnicodePwd] Using [Microsoft Active Directory]
There are two ways to modify the [unicodePwd] attribute. The first is analogous to a typical user change-password operation and the second is an administrative reset.
%%information
When you use a base-64 encoder, you must make sure that it supports Unicode, or you will create an incorrect password.
%%
The second way to modify the attribute is analogous to an administrator resetting a password for a user. To do this, the client must have bound as an administrator a user who has sufficient rights to modify other users' passwords. The modify request should contain a single replace operation with the new password enclosed in quotation marks and be Base64 encoded. If the client has sufficient rights, this password becomes the new password regardless of what the old password was.
!! [unicodePwd] [Password Change]
For [unicodePwd] Change, the modify request must contain both a delete operation and an add operation. The delete operation must contain the current password enclosed in quotation marks and be Base64 encoded as described in RFC 1521. The add operation must contain the new password enclosed in quotation marks and be Base64 encoded.
{{{
dn: CN=John Smith, OU=Users,DC=Fabrikam,DC=com
changetype: modify
delete: unicodePwd
unicodePwd::HgBuAGUAdwBKLSQAGEAcwBzAHcAbwByHJE=
-
add: unicodePwd
unicodePwd::IgBuAGUAdwBQAGEAcwBzAHcAbwByAGQAIgA=
}}}
!! [unicodePwd] [Password Reset]
The client must have bound as an administrator a user who has sufficient rights to modify other users' passwords. The modify request should contain a single replace operation with the new password enclosed in quotation marks and be [Base64] encoded. If the client has sufficient rights, this password becomes the new password regardless of what the old password was.
The following [Example] LDIF file changes a password to newPassword:
{{{
dn: CN=TestUser,DC=testdomain,DC=com
changetype: modify
replace: unicodePwd
unicodePwd::IgBuAGUAdwBQAGEAcwBzAHcAbwByAGQAIgA=
-
}}}
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthorTop