We recently updated our Active Directory servers to 2008 R2. I had a
Perl script that would change a user's password in OpenLDAP and Active
Directory at the same time. This was working fine until the update. I
can still change a user's password when I bind as an AD administrator,
but not as a normal user. Has anyone else here gone through this?

I know that the behavior of replacing a password is different whether
you are an administrator or regular user changing your own password, as
documented here:
http://support.microsoft.com/?kbid=269190

I wrote this code based on the above link:

    # AD doesn't allow non-admin users to replace their password.
    # Instead, it must be deleted and re-added. Administrators can only
    # replace a password.
    if ($username ne getlogin()) {
        $mesg = $ad->modify($ad_user_dn, replace=>{unicodePwd => $newUnicodePwd} );
    } else {
        $mesg = $ad->modify($ad_user_dn, delete=>{unicodePwd => $newUnicodePwd});
        $code = $mesg->code;
        if ($code != 0) {
            $mesg = $ad->modify($ad_user_dn, replace=>{unicodePwd => $newUnicodePwd} );
        }
    }

This worked just fine until the upgrade to 2008 R2. Any ideas?
--
Prentice
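
Added example, not part of the original post: the two unicodePwd modify operations documented in the linked KB article (269190), written for Net::LDAP. The sub names, the sample password, and the choice to select the self-service path by passing the old password are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Encode qw(encode);

# unicodePwd takes the password wrapped in double quotes and encoded as
# UTF-16LE. $plain must be a Perl character string, not pre-encoded bytes.
sub ad_quoted_pwd {
    my ($plain) = @_;
    return encode('UTF-16LE', qq{"$plain"});
}

# Self-service change: ONE modify request that deletes the current value
# and adds the new one. 'changes' keeps both operations in a single
# request and preserves their order.
sub self_change_args {
    my ($old, $new) = @_;
    return (changes => [
        delete => [ unicodePwd => ad_quoted_pwd($old) ],
        add    => [ unicodePwd => ad_quoted_pwd($new) ],
    ]);
}

# Administrative reset: a single replace; the old password is not needed.
sub admin_reset_args {
    my ($new) = @_;
    return (replace => { unicodePwd => ad_quoted_pwd($new) });
}

# $ad is an already-bound Net::LDAP handle (hypothetical caller-supplied
# object). AD only accepts unicodePwd writes over an encrypted connection.
sub set_ad_password {
    my ($ad, $dn, $new, $old) = @_;
    my @args = defined $old ? self_change_args($old, $new)
                            : admin_reset_args($new);
    my $mesg = $ad->modify($dn, @args);
    die sprintf("modify failed: %s (%d)\n", $mesg->error, $mesg->code)
        if $mesg->code;
    return 1;
}

# Offline check with a constructed sample value: dump the encoded bytes
# that would be sent as the attribute value.
my $enc = ad_quoted_pwd('N3w-Passw0rd');
printf "%d bytes: %s\n", length($enc), unpack('H*', $enc);
```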