Passwords Using LDIF

Overview#

Use an LDIF to change the user's userPassword:

For Microsoft Active Directory you would need to Enable UserPassword in Microsoft Active Directory

Examples#

LDIF Password Change 

dn: CN=John Smith, OU=Users,DC=Fabrikam,DC=com
changetype: modify
delete: userPassword
userPassword: oldPassword
-
add: userPassword
userPassword: newPassword

The following example uses LDIF to perform a Password Reset to newPassword. 

dn: CN=John Smith, OU=Users,DC=Fabrikam,DC=com
changetype: modify
replace: userPassword
userPassword: newPassword
-

For UnicodePwd Using Microsoft Active Directory#

There are two ways to modify the unicodePwd attribute. The first is analogous to a typical user change-password operation and the second is an administrative reset.
When you use a base-64 encoder, you must make sure that it supports Unicode, or you will create an incorrect password.

The second way to modify the attribute is analogous to an administrator resetting a password for a user. To do this, the client must have bound as an administrator a user who has sufficient rights to modify other users' passwords. The modify request should contain a single replace operation with the new password enclosed in quotation marks and be Base64 encoded. If the client has sufficient rights, this password becomes the new password regardless of what the old password was.

unicodePwd Password Change#

For unicodePwd Change, the modify request must contain both a delete operation and an add operation. The delete operation must contain the current password enclosed in quotation marks and be Base64 encoded as described in RFC 1521. The add operation must contain the new password enclosed in quotation marks and be Base64 encoded. 
dn: CN=John Smith, OU=Users,DC=Fabrikam,DC=com
changetype: modify
delete: unicodePwd
unicodePwd::HgBuAGUAdwBKLSQAGEAcwBzAHcAbwByHJE=
-
add: unicodePwd
unicodePwd::IgBuAGUAdwBQAGEAcwBzAHcAbwByAGQAIgA=

unicodePwd Password Reset#

The client must have bound as an administrator a user who has sufficient rights to modify other users' passwords. The modify request should contain a single replace operation with the new password enclosed in quotation marks and be Base64 encoded. If the client has sufficient rights, this password becomes the new password regardless of what the old password was.

The following Example LDIF file changes a password to newPassword: 

dn: CN=TestUser,DC=testdomain,DC=com
changetype: modify
replace: unicodePwd
unicodePwd::IgBuAGUAdwBQAGEAcwBzAHcAbwByAGQAIgA=
-

More Information#

There might be more information for this subject on one of the following:
Please see our Copyright And Intellectual Property Page and Standard Disclaimer Pages!