ldap3 extend.microsoft.modify_password keeps returning false

Question:

I’m trying to modify a user account password in but it doesn’t work. I’ve tried it directly in AD and it does work. I’m using ldap3 to do it; here are the steps I do.

First I do the app operation like this

from ldap3 import Server, Connection, ALL
s = Server("ldap://192.168.x.xx", use_ssl=True)
c = Connection(s, user='adminldap', password='xxxxxxx')
c.bind()
c.add('cn=jtest,ou=users,ou=MJC,dc=mjc,dc=lan', ['user', 'posixGroup', 'top'], {'cn': 'jtest', 'sAMAccountName':'jtest', 'mail':'[email protected]','telephoneNumber':'0102030405','displayName':'jtest'})

This one works.

Then I try to set the password

Path_Root = "ou=users,ou=MJC,DC=mjc,DC=lan"
Filter = "(&(objectclass=user)(&(sAMAccountName=jtest)(!(objectclass=computer))))"
c.search(search_base = Path_Root,search_filter = Filter,attributes = ["cn", "sAMAccountName", "displayName"])
if len(c.entries) == 1:
   USER_DN = c.response[0].get("dn")
   c.extend.microsoft.modify_password(USER_DN, 'Formation123')

Like this but the last line keeps returning False.

Have you got an idea why? Thank you.

Asked By: Fujah

Answers:

According to this:

I looked into the source and it says old password must be None to reset password with sufficient privileges

This should work:

 c.extend.microsoft.modify_password(USER_DN, 'Formation123', old_password=None)

And the connection has to be encrypted. You may have to specify ldaps:// even though you specified use_ssl, since the LDAPS port (636) is different than the regular LDAP port (389).

s = Server("ldaps://192.168.x.xx", use_ssl=True)

Answered By: Gabriel Luci

The solution was setting SSL on my LDAP and it worked.

Answered By: Fujah
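
An added example, not part of the original answers: a password reset over LDAPS with certificate validation that raises with a reason taken from `Connection.result` instead of returning a bare False. The names `HINTS`, `diagnose`, `reset_password` and the `ca_file` parameter are assumptions of this sketch, and the hints list the usual causes only.

```python
import ssl

# Usual causes of a False return, keyed by the LDAP result code in Connection.result.
HINTS = {
    19: "new password rejected by the domain password policy",
    50: "bound account lacks the right to reset this user's password",
}


def diagnose(result, encrypted):
    """Turn ldap3's Connection.result dict into a readable failure reason."""
    code = result.get("result")
    desc = result.get("description", "unknown")
    if code == 53 and not encrypted:
        return ("unwillingToPerform (53): AD only accepts password writes over "
                "TLS; connect with ldaps:// (port 636) or StartTLS")
    return f"{desc} ({code}): {HINTS.get(code, result.get('message', ''))}"


def reset_password(host, bind_user, bind_password, user_dn, new_password, ca_file):
    """Reset an AD password over LDAPS; raise with a reason instead of returning False."""
    # Imported here so diagnose() stays usable where ldap3 is not installed.
    from ldap3 import Connection, Server, Tls

    # Validate the domain controller's certificate against the given CA file.
    tls = Tls(validate=ssl.CERT_REQUIRED, ca_certs_file=ca_file)
    server = Server(f"ldaps://{host}", use_ssl=True, tls=tls)
    conn = Connection(server, user=bind_user, password=bind_password)
    if not conn.bind():
        raise RuntimeError(f"bind failed: {conn.result}")
    try:
        encrypted = bool(conn.server.ssl or conn.tls_started)
        if not encrypted:
            # Never send the new password over a plaintext session.
            raise RuntimeError("connection is not encrypted; refusing to send password")
        ok = conn.extend.microsoft.modify_password(user_dn, new_password, old_password=None)
        if not ok:
            raise RuntimeError(diagnose(conn.result, encrypted))
    finally:
        conn.unbind()
    return True
```

`diagnose` can also be called on its own with `c.result` from an existing connection right after `modify_password` returns False.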