Re: Modify UserPassword attribute in ADAM

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

io.com
Date: 05/03/04 

Date: Mon, 3 May 2004 11:18:49 +0200

Eric thaks for response, i have a last two question :

- How i disable this security requirement ? I try to do it for my test adam
server ! (it's' important for my test)

- After the test if i want use ssl over ldap i must install a windows CA and
generate a certificate ?

Thanks in advance.

"Eric Fleischman [MSFT]" <efleis@online.microsoft.com> wrote in message
news:OgTDPOKMEHA.3348@TK2MSFTNGP09.phx.gbl...
> 8237 = ERROR_DS_CONFIDENTIALITY_REQUIRED
>
> The issue is that you are performing this over a non-secure channel. With
> default settings we require that you perform password operations over a
> secure channel (either ssl or using ldap_opt_encrypt).
>
> If you search help for "To set or modify the password of an ADAM user" you
> should get some information on this.
> Your choices here are:
> 0) Perform over SSL connection
> 1) Use ldap_opt_encrypt to secure the connection
> 2) Disable this security requirement (via the 12th bit of dsHeuristics)
>
> My personal recomendation is doing either 0 or 1 as that is more secure.
> Help talks about how to do them.
> If you do want to disable the requirement I can help you with that, but
I'd
> strongly encourage you to not do that for security reasons.
>
> ~Eric
>
> --
> Eric Fleischman [MSFT]
> This posting is provided "AS IS" with no warranties, and confers no rights
> Use of included script samples are subject to the terms specified at
> http://www.microsoft.com/info/cpyright.htm
>
>
> <io.com> wrote in message news:e5iz$1IMEHA.2244@tk2msftngp13.phx.gbl...
> > Hi,
> >
> > i have a instace of ADAM on Windows 2003 DC ; i have created one adam
> > account (adam-admin) and have join this accont to administrators group
> > with
> > ADSI Edit.
> >
> > The problem is :
> >
> > after binding my ADAM istance with my account adam-admin using ldp.exe
> > when
> > i try to modfied a UserPassword for another account the operaton failed
> > and
> > this error appared :
> >
> > Error: Modify: Operations Error. <1>
> > Server error: 00002077: SvcErr: DSID-033805FE, problem 5012 (DIR_ERROR),
> > data 8237
> >
> > Error 0x2077 Illegal modify operation. Some aspect of the modification
is
> > not permitted.
> >
> > If i try to change another attribute for the same accout the operation
> > succef
> >
> > The question is : why with a my "adam-admin" account member of adam
> > administrators if i try to change a password the operation failed ?
> > How i perform this operation with my "adam-admin" account ?
> >
> > Note:
> > Must use a DSACLS to perform tis operation ? If yes how i use DSACLS
with
> > who option ?
> >
> >
> > thanks in advance.
> >
> >
> >
>
>