Overview#
Use an LDIF to change the user's userPassword:
For Microsoft Active Directory you would need to Enable UserPassword in Microsoft Active Directory
Examples#
dn: CN=John Smith, OU=Users,DC=Fabrikam,DC=com changetype: modify delete: userPassword userPassword: oldPassword - add: userPassword userPassword: newPassword
The following example uses LDIF to perform a Password Reset to newPassword.
dn: CN=John Smith, OU=Users,DC=Fabrikam,DC=com changetype: modify replace: userPassword userPassword: newPassword -
For UnicodePwd Using Microsoft Active Directory#
There are two ways to modify the unicodePwd attribute. The first is analogous to a typical user change-password operation and the second is an administrative reset.The second way to modify the attribute is analogous to an administrator resetting a password for a user. To do this, the client must have bound as an administrator a user who has sufficient rights to modify other users' passwords. The modify request should contain a single replace operation with the new password enclosed in quotation marks and be Base64 encoded. If the client has sufficient rights, this password becomes the new password regardless of what the old password was.
unicodePwd Password Change#
For unicodePwd Change, the modify request must contain both a delete operation and an add operation. The delete operation must contain the current password enclosed in quotation marks and be Base64 encoded as described in RFC 1521. The add operation must contain the new password enclosed in quotation marks and be Base64 encoded.dn: CN=John Smith, OU=Users,DC=Fabrikam,DC=com changetype: modify delete: unicodePwd unicodePwd::HgBuAGUAdwBKLSQAGEAcwBzAHcAbwByHJE= - add: unicodePwd unicodePwd::IgBuAGUAdwBQAGEAcwBzAHcAbwByAGQAIgA=
unicodePwd Password Reset#
The client must have bound as an administrator a user who has sufficient rights to modify other users' passwords. The modify request should contain a single replace operation with the new password enclosed in quotation marks and be Base64 encoded. If the client has sufficient rights, this password becomes the new password regardless of what the old password was.The following Example LDIF file changes a password to newPassword:
dn: CN=TestUser,DC=testdomain,DC=com changetype: modify replace: unicodePwd unicodePwd::IgBuAGUAdwBQAGEAcwBzAHcAbwByAGQAIgA= -