Re: Changing ADAM user password



That's too bad. I assume you tried that using a 2003 client as well. I
know this works ok when using negotiate auth, as I've used that trick often
with ldp. There is probably something missing with the encryption support
in digest or something like that.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Lee Flight" <lef@xxxxxxxxxxxxxxx> wrote in message
news:u8tbqEelGHA.3924@xxxxxxxxxxxxxxxxxxxxxxx
I just tried this using ldp and a Delete/Add on unicodePwd:

--
0 = ldap_set_option(ld, LDAP_OPT_ENCRYPT, 1)
res = ldap_bind_s(ld, NULL, &NtAuthIdentity,
DIGEST (16518)); // v.3
{NtAuthIdentity:
User='cn=test1,ou=testou1,o=myorg,dc=myroot';
Pwd=<unavailable>; domain = ''}
Authenticated as:
'CN=test1,OU=testOU1,O=myorg,DC=myroot'.


***Call Modify...
ldap_modify_s(ld, 'CN=test1,OU=testOU1,O=myorg,DC=myroot'
,[2] attrs);

Error: Modify: Operations Error. <1>
Server error: 00002077: SvcErr:
DSID-0338070C, problem 5012 (DIR_ERROR), data 8237

Error 0x2077 Illegal modify operation.
Some aspect of the modification is not permitted.
--

Not sure if there is anything in code that could improve on this but at
first glance it appears that the security of the channel is not being
recognized in this case. Simple bind + SSL worked fine.

Lee Flight


"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx> wrote
in message news:%23KRfPgalGHA.4540@xxxxxxxxxxxxxxxxxxxxxxx

I'll give the digest/encryption thing a try as soon as I get a chance to
flip my ADAM back to requiring encrypted password mods. :)



