Re: Changing ADAM user password
- From: "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 19 Jun 2006 13:40:51 -0500
I'd suggest either adding the FastBind flag (which might work here; not
sure) or just adding the authenticated users SID (<SID=S-1-5-8>) to the
Readers role. That way, you don't have to add each user individually.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
<compurhythms@xxxxxxxxx> wrote in message
news:1150732879.477067.118130@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Sorry, the full path to my user should read:
    string ldapPath = "LDAP://localhost:9389/CN=My User,OU=My Unit,DC=MYPARTITION,DC=ADAM";
Also, creating the directory entry should look like:
    DirectoryEntry changeEntry = new DirectoryEntry(ldapPath, userID, oldPassword, AuthenticationTypes.None);
compurhythms@xxxxxxxxx wrote:
I've got an existing ADAM user. I'm trying to change its password in
C#. I know the current password is set correctly because I can bind to
the instance via LDP with its credentials. Here is how I am trying to
change the password:
    string ldapPath = "LDAP://CN=My User,OU=My Unit,DC=MYPARTITION,DC=ADAM";
    string userID = "myUser"; // this is the userPrincipalName for my user's ADAM entry
    DirectoryEntry changeEntry = new DirectoryEntry(fullDN, userID, oldPassword, AuthenticationTypes.None);
    if (changeEntry != null)
    {
        // ** code fails on next line
        changeEntry.Options.PasswordEncoding = PasswordEncodingMethod.PasswordEncodingClear;
        changeEntry.Options.PasswordPort = 9389;
        changeEntry.Invoke("ChangePassword", new Object[] { oldPassword, newPassword });
    }
At the code marked "**" above, I get an exception "no such object on
the server".
Now this usually means one of two things:
1. The object really does not exist - It does in my case
2. There is a security issue accessing the entry
So #2 sounds more likely, but I'm providing the user's current
userPrincipalName and password to bind to the entry. Do I have to add
all my ADAM users to the "Readers" role just to allow them to change
passwords on their own object?
Mike