From: cfMak on
I'm trying to provide the ability for our users to change their domain password
from our website.

The website is located in the DMZ and is not part of the domain.

I have successfully connected and run several LDAP queries. I can authenticate
via ldap and all is well.

When I try to change a password I get various errors depending on the code.

I'm not sure if the following attribute is even correct. I've seen it used in
a php example.

<CFLDAP ACTION="MODIFY"
MODIFYTYPE="replace"
port = "636"
server = "#serverIP#"
username = "#domain#\#adminuser#"
password = "#adminpassword#"
ATTRIBUTES="unicodepwd=#newtestpassword#"
DN="#ldapDNLookup.DN#">

This code provides the following error:
An error has occured while trying to execute modify :Request: 1 cancelled.
One or more of the required attributes may be missing/incorrect or you do not
have permissions to execute this operation on the server

If I don't specify a secure port I get this error:
An error has occured while trying to execute modify :[LDAP: error code 53 -
0000001F: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0 ].

Is this possible to do with CFLDAP?




From: Dmadzia on
cfMak,
Have you figured out how to do this yet? I am trying to figure this out as
well. I do LDAP queries/updates all of the time, but replacing a user's password
has me stumped. I get the exact same error (WILL_NOT_PERFORM). I have been
trying to decipher Microsoft's KB article:
http://support.microsoft.com/?kbid=269190 and am trying to figure out how to
convert the password to:
"the directory service expects that the octet-string will contain a UNICODE
string (as the name of the attribute indicates). This means that any values for
this attribute passed in LDAP must be UNICODE strings that are BER-encoded
(Basic Encoding Rules) as an octet-string. In addition, the UNICODE string must
begin and end in quotes that are not part of the desired password."
Also LDAP must be using SSL (which I am using).
There has got to be a way!?!

P.S. I found a workaround from this forum which I haven't tried yet (and
really don't want to use, as you should be able to do this through LDAP.) It
is to do a <cfexecute> net user <username> <password> /domain

Thanks,
Dan
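
Added example, not part of the thread or of either poster's code: the value format the quoted KB text describes (password wrapped in double quotes, encoded as UTF-16LE, carried as a BER octet string), written in Python because the encoding is the same whatever LDAP client sends it. The function names, the DN and the sample password are constructed for illustration.

```python
import base64


def encode_unicode_pwd(password: str) -> bytes:
    """Raw unicodePwd value: the password in double quotes, as UTF-16LE."""
    # The surrounding quotes are part of the wire value, not of the password.
    return f'"{password}"'.encode("utf-16-le")


def ber_octet_string(value: bytes) -> bytes:
    """BER-encode value as an OCTET STRING (tag 0x04, definite length)."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])  # short form
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw  # long form
    return b"\x04" + length + value


def build_ldif_change(dn: str, new_password: str, encrypted: bool) -> str:
    """LDIF modify record that replaces unicodePwd with a base64 value."""
    if not encrypted:
        # The thread shows the server answering WILL_NOT_PERFORM when the
        # modify is sent without SSL, so refuse to build the change at all.
        raise ValueError("unicodePwd must only be sent over an encrypted connection")
    b64 = base64.b64encode(encode_unicode_pwd(new_password)).decode("ascii")
    return "\n".join([
        f"dn: {dn}",
        "changetype: modify",
        "replace: unicodePwd",
        f"unicodePwd:: {b64}",  # '::' marks a base64-encoded binary value
        "-",
    ]) + "\n"


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    sample_dn = "CN=Test User,OU=Staff,DC=example,DC=com"
    print(encode_unicode_pwd("Ab1").hex(" "))
    print(ber_octet_string(encode_unicode_pwd("Ab1")).hex(" "))
    print(build_ldif_change(sample_dn, "Ab1", encrypted=True))
```

An LDAP client library normally applies the BER framing itself, so what the application has to get right is the quoted UTF-16LE byte string; passing the plain text password as an ordinary string attribute does not produce it.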


From: Dmadzia on
Well, since no one reads or answers these forums (especially Adobe), does anyone know a better CF forum I can ask this question?