Re: ADAM SP1 and changing a password
From: Lee Flight (lef_at_le.ac.uk-nospam)
Date: 01/25/05
Date: Tue, 25 Jan 2005 02:34:33 -0000
Hi

now that you are at .Net1.1 SP1 I do not think you will get your unicodePwd
approach to work again even with the latest hotfix, KB886541 was the last
that I tried. You can read my findings here:
http://groups.google.co.uk/groups?hl=en&lr=&selm=u%24DCadf3EHA.936%40TK2MSFTNGP12.phx.gbl
the failure occurs on both WinXP and W2003.

To set the password you need to either use the userPassword attribute,
but that only works for password Sets not password Changes or use the
invoke of SetPassword as of the MSDN example. The MSDN sample
works in my experience but there are some things to note:

on WinXP you need to use SSL or disable the secure channel requirement,
if you use SSL on say port 636 and are running as an ADAM administrator:
    strServer = "localhost";
    strPort = "636";
    strUser = "CN=TestUser,O=Fabrikam,C=US";
    strPath = String.Concat("LDAP://", strServer,
        ":", strPort, "/", strUser);
    // Bind over SSL with secure authentication, using the caller's credentials.
    AuthTypes =
        AuthenticationTypes.SecureSocketsLayer | AuthenticationTypes.Secure;
    try
    {
        objUser = new DirectoryEntry(
            strPath, null, null, AuthTypes);
        objUser.RefreshCache();
    }
    catch (Exception e)
    {
        // Without a successful bind there is nothing to set the password on.
        Console.WriteLine("Error: Bind failed. {0}", e.Message);
        return;
    }
    // Set port number, method, and password.
    intPort = Int32.Parse(strPort);
    try
    {
        objUser.Invoke("SetOption", new object[]
            {ADS_OPTION_PASSWORD_PORTNUMBER, intPort});
        objUser.Invoke("SetOption", new object[]
            {ADS_OPTION_PASSWORD_METHOD,
             ADS_PASSWORD_ENCODE_REQUIRE_SSL});
        objUser.Invoke("SetPassword", new object[]
            {"ADAMComplexPassword1234"});
    }
    catch (Exception e)
    {
        Console.WriteLine("Error: Set password failed. {0}", e.Message);
    }
if you disable the secure channel requirement then you need to modify the
above:
    AuthTypes = AuthenticationTypes.Signing |
        AuthenticationTypes.Sealing |
        AuthenticationTypes.Secure;
    objUser.Invoke("SetOption", new object[]
        {ADS_OPTION_PASSWORD_METHOD,
         ADS_PASSWORD_ENCODE_CLEAR});
on your non-SSL strPort.
If you are hitting failures with SetPassword against WinXP and you have not
configured SSL then double check that the secure channel requirement really
is disabled. If you are still having problems then my preferred approach is
to bump up the LDAP diagnostic logging on the instance:
Diagnostic logging for the ADAM LDAP interface:
----------------------------------------------------------
This requires a registry key edit so bear in mind the usual WARNING
about editing the registry:
Assuming that your ADAM instance has service name ADAM_instance1
then under:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ADAM_instance1\Diagnostics
Edit the value
16 LDAP Interface Events
and set it to 5
Run your code. You should see a batch of messages in the ADAM Instance
log of the system Event viewer in the category LDAP Interface.
Look for an event id 1535 that has:
"Internal event: The LDAP server returned an error"
in the description field.
Remember to reset the registry value to 0 when done.
--
Please post any 1535 errors that you log.

Finally recompiling your code on W2003 can be confusing as you may have
issues with password complexity constraints that do not exist on WinXP.

Hopefully the above together with Joe Kaplan's and Dmitri's post will
help progress this for you.

Lee Flight

<nsyforce@aol.com> wrote in message
news:1106579784.352956.166530@c13g2000cwb.googlegroups.com...
>I once was able to change a user's password. Now I've installed SP1 and
> my code to change the password fails.
>
> I've read other threads on this same issue, and tried other things with
> no success. One problem may be that we allow password settings over a
> non-ssl connection. We set that on our server by using the dsmgmt
> tool. I am also using code that is on WinXP.
>
> Before SP1, I tried to get the password change to work with this.
>
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adam/adam/setting_a_user_password.asp
>
> That failed and we even called a ticket into MS to help us with it.
> After several emails floating back and forth without resolution, I was
> just ignored. Finally, someone else in my shop pointed me in the
> direction of the unicode password. So this worked before SP1:
>
>     Dim entry As DirectoryEntry = New DirectoryEntry(memberPath, adminPath, ADMIN_PWD, AuthenticationTypes.ServerBind)
>
>     Dim quotePwd As String
>     Dim pwdBin() As Byte
>
>     quotePwd = String.Format("""{0}""", newMemberPassword)
>     pwdBin = System.Text.Encoding.Unicode.GetBytes(quotePwd)
>
>     entry.Properties("unicodePwd").Add(pwdBin)
>
>     Try
>         entry.CommitChanges()
>     Catch ex As System.Runtime.InteropServices.COMException
>         Select Case ex.ErrorCode
>             Case &H8007202F
>                 Throw New LdapPasswordException(LdapPasswordException.DOMAIN_POLICY)
>             Case &H80072035
>                 Throw New LdapPasswordException(LdapPasswordException.SSL_CONNECTION)
>             Case Else
>                 Throw New LdapPasswordException(ex.Message)
>         End Select
>     End Try
>
> Now, with this failing after the installation of SP1, I thought, "Hey
> maybe MS fixed it with this version so the code in the following would
> actually work".
>
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adam/adam/setting_a_user_password.asp
>
> So I tried, and of course failed.
>
> So has anyone else been through this torment?
> Thank you very much in advance for any thoughts or advice.
>
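
The diagnostic-logging steps described in the message above, scripted as an added example that is not part of the original post or of any Microsoft sample. The function name, the -Action script block and the event log name 'ADAM (instance1)' are assumptions; it also assumes a host where Get-WinEvent is available and an elevated session.

```powershell
# Added example: raise "16 LDAP Interface Events" to 5 for one test run,
# collect event id 1535 entries, and always reset the value to 0 afterwards.
function Invoke-WithAdamLdapDiagnostics {
    param(
        # Service name of the ADAM instance, as used in the post.
        [string]$ServiceName = 'ADAM_instance1',
        # Assumption: name of the instance's event log; adjust to your instance.
        [string]$LogName = 'ADAM (instance1)',
        # Hypothetical parameter: the password-set code you want to diagnose.
        [Parameter(Mandatory = $true)][scriptblock]$Action
    )

    $key   = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName\Diagnostics"
    $value = '16 LDAP Interface Events'
    $start = Get-Date

    try {
        # Step 1: turn LDAP interface logging up to 5.
        Set-ItemProperty -Path $key -Name $value -Value 5 -Type DWord

        # Step 2: run the failing code; keep going so the events still get read.
        try { & $Action }
        catch { Write-Warning "Action failed: $($_.Exception.Message)" }

        Start-Sleep -Seconds 2   # allow the service time to write its events

        # Step 3: return only the 1535 events logged since the run started.
        $filter = @{ LogName = $LogName; Id = 1535; StartTime = $start }
        Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
            Where-Object { $_.Message -like '*The LDAP server returned an error*' } |
            Select-Object TimeCreated, Id, Message
    }
    finally {
        # Step 4: reset the value to 0 even if something above threw.
        Set-ItemProperty -Path $key -Name $value -Value 0 -Type DWord
    }
}
```

The events returned by a call such as `Invoke-WithAdamLdapDiagnostics -Action { .\SetPasswordTest.exe }` (a hypothetical test binary) are the 1535 entries the message asks to see.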