[Samba] Change user password with LDAP

Jonathon Reinhart jonathon.reinhart at gmail.com
Sat May 15 04:14:07 UTC 2021


Hi Hernan,

Yes, you can absolutely change an AD user's password via LDAP. You got
it right; you need to edit unicodePwd which is UTF-16 encoded with
quotes. Why not just go ahead and try it?

Here's the official spec:
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/6e803168-f140-4d23-b2d3-c3a8ab5917d2

Here's another reference:
https://ldapwiki.com/wiki/UnicodePwd#section-UnicodePwd-TheSyntaxOfTheUnicodePwdAttribute

Here's how the Python ldap3 extend.microsoft.modify_password() API
implements it:
https://github.com/cannatag/ldap3/blob/78c449dd/ldap3/extend/microsoft/modifyPassword.py#L46-L50

Jonathon


On Fri, May 14, 2021 at 9:32 PM Hernan Jalabert via samba
<samba at lists.samba.org> wrote:
>
> Hello everyone, I comment to you the situation in which I find myself. We
> are recently trying to migrate from Samba version 3 to version 4. At the
> institution we have several applications that manage users. I have tried
> without success to change a user's password using LDAP, that is, without
> going to samba-tool for this task. I read in several places that it might
> be possible by editing the unicodePwd attribute, and that the password must
> be in utf-16 in quotes. Before continuing trying, I just wanted to consult
> you, is it possible to change the user's password by editing any LDAP/AD
> property?
>
> I am working with a library (driver) of a programming language called
> Elixir that so far has allowed me to edit the properties of a user without
> problems. My idea is to develop an interface that mediates between the
> developed applications and samba4.
>
> Sorry for my English.
>
> Thanks, any help is appreciated.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
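
The unicodePwd encoding discussed in this thread, as an added example that is not part of the original messages and not ldap3's or Samba's own code. It also shows the two request shapes from the MS-ADTS section linked above (a single replace for an administrative reset, delete-old plus add-new for a user change); the function names, DN and passwords are constructed for illustration.

```python
import base64
from typing import Optional

# Operation names are this example's own labels; they match the LDIF
# keywords for the LDAP modify operations (replace / delete / add).
REPLACE, DELETE, ADD = "replace", "delete", "add"


def encode_unicode_pwd(password: str) -> bytes:
    """Quote the password, then encode it as UTF-16LE without a BOM."""
    # Python's plain "utf-16" codec prepends a byte-order mark, so the value
    # would no longer begin with the required double quote.
    return f'"{password}"'.encode("utf-16-le")


def build_changes(new_password: str, old_password: Optional[str] = None):
    """Return the (operation, value) pairs for one modify request."""
    new = encode_unicode_pwd(new_password)
    if old_password is None:
        # Administrative reset: a single replace of unicodePwd.
        return [(REPLACE, new)]
    # User-initiated change: delete the old value and add the new one,
    # both inside the same modify request.
    return [(DELETE, encode_unicode_pwd(old_password)), (ADD, new)]


def to_ldif(dn: str, changes) -> str:
    """Render the changes as an LDIF modify record (binary values in base64)."""
    lines = [f"dn: {dn}", "changetype: modify"]
    for op, value in changes:
        b64 = base64.b64encode(value).decode("ascii")
        lines += [f"{op}: unicodePwd", f"unicodePwd:: {b64}", "-"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample DN and passwords, for illustration only.
    dn = "CN=Test User,CN=Users,DC=example,DC=com"
    print(to_ldif(dn, build_changes("N3w-Passw0rd!")))
    print(to_ldif(dn, build_changes("N3w-Passw0rd!", old_password="Old-Passw0rd!")))
```

The same MS-ADTS section says the server accepts a write to unicodePwd only on an encrypted connection, so send the request over LDAPS, StartTLS or a SASL-encrypted bind.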


