Re: LDIFDE Error when trying to change passwords.
- From: JBaxter <JBaxter@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 30 Sep 2006 11:16:01 -0700
I have looked over the SSAL bind options but I cannot seem to figure it out,
any chance you can give me an example of what the command is, I am doing the
import directly from the server via a command prompt, the only reason I am
trying the LDIFDE is that I cannot import the passwords with my CSVDE file.
the Server all of my servers in this domain are 2k3. Another question is do
they have to be running in 2k3 mode or is 2000 native ok for mixed environs,
or does it matter at all.
"Joe Kaplan" wrote:
Ok, there are a few things. I'm not sure exactly why you are getting the.
error you are getting, but your value is definitely wrong.
The value you have specified is this:
"cGFzc3dvcmQ="
That is a base64 encoded value of the ASCII (or possibly UTF8 or 1252)
encoding of the string "password". You have then enclosed that in quotes.
That is not correct. You need to take the password string, enclose it in
quotes, convert the entire value to binary using UNICODE encoding, and
base64 that value. Using the same password value:
password
Enclose in quotes
"password"
Convert to binary using Unicode encoding (shown as hex pairs; notice the
double bytes and the quote characters 22-00?)
22-00-70-00-61-00-73-00-73-00-77-00-6F-00-72-00-64-00-22-00
Convert binary to Base64:
IgBwAGEAcwBzAHcAbwByAGQAIgA=
To get the encrypted channel, you can either use SSL like the article
suggests, or if you have 2K3 DCs and your client is also XP or higher, you
can use SSPI bind and the -h option with LDIF to encrypt the connection
after bind. If you are supplying credentials on the commandline, you need
to use the -b option.
If you are having trouble with the unicode or base64 conversion, you may
need to get a better utility. I have a little thing I wrote in .NET that
helps with this that I could share offline if you need it.
Note also that your test password won't work if password complexity is
enabled, so make sure you improve that if needed (Password1 is the crappy
choice for testing that gets used a lot :)).
Given the error you are getting, you might be having different problems with
actually connecting to the directory. Typically, you'll get an "unwilling
to process" error message from LDAP if it doesn't like the value you use or
you don't have a secure connection.
HTH,
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"JBaxter" <JBaxter@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:879F0511-1793-4C4C-AC7A-B98B41919C33@xxxxxxxxxxxxxxxx
Thank you for the reply Joe, the question is why am I recieving the errir
that I am
A device attached to the system is not functioning,
is it because I am not ussing SSL, here is the code that I am using
dn: CN=testuser,OU=example,DC=example,DC=local
changetype: modify
replace: unicodePwd
unicodePwd:"cGFzc3dvcmQ="
-
- Follow-Ups:
- Re: LDIFDE Error when trying to change passwords.
- From: Joe Kaplan
- Re: LDIFDE Error when trying to change passwords.
- References:
- Re: LDIFDE Error when trying to change passwords.
- From: strongline
- Re: LDIFDE Error when trying to change passwords.
- From: Joe Kaplan
- Re: LDIFDE Error when trying to change passwords.
- From: JBaxter
- Re: LDIFDE Error when trying to change passwords.
- From: Joe Kaplan
- Re: LDIFDE Error when trying to change passwords.
- Prev by Date: Re: Adding additional w2003 to a w2003 domain and can not access share
- Next by Date: Re: Help! Need to know how to set DC as default for logon...
- Previous by thread: Re: LDIFDE Error when trying to change passwords.
- Next by thread: Re: LDIFDE Error when trying to change passwords.
- Index(es):
Relevant Pages
|
