I've read everything I can find on the internet about using CFLDAP to reset/change an Active Directory password, and every thread trails off with no success.
I've been working on this for the last several days, and I've come to be convinced that it's impossible to reset a user's password in AD through CFLDAP. I've confirmed that I've properly installed the certificate, and that I'm successfully communicating over SSL, and that the user I'm binding as has privileges to reset a user's password, but I still, no matter what I try, get the error:

LDAP: error code 53 - 0000001F: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM), data 0

I've written some Java code that uses the same credentials and settings, and it is able to change the password, but CFLDAP fails. I think the issue is with the formatting of the replacement password, but that's just my latest guess.

So, has anybody ever actually succeeded in this? Can anybody from Adobe confirm or deny that this is actually possible?

For completeness, here's my test code that fails:

<cfset new_password = "newPassword1">
<cfset a = charsetEncode(charsetDecode('"'&new_password&'"','UTF-16LE'),'UTF-8')>
<cfldap action="modify"
        modifyType="replace"
        attributes="unicodePwd=#a#"
        dn="CN=Ed Test, OU=Users, OU=Development, OU=IB, dc=ad2003-dev, dc=com"
        server="someLDAPServer.somedomain.com"
        port="636"
        username="CN=Administrator, CN=Users, dc=ad2003-dev, dc=com"
        password="someSecretPasswordString"
        secure="CFSSL_BASIC">

My password formatting is based on looking at the verbose JNDI logging between the Java that works and the CF that doesn't work. There's a discrepancy that may be the issue in the way that CFLDAP's handling the final UTF-16LE encoded double-quote - that Java's showing a "22 00" byte pair, but the CFLDAP's dropping the 2nd byte of the character:

Java (works):

0050: 0A 01 02 30 2E 04 0A 75 6E 69 63 6F 64 65 50 77  ...0...unicodePw
0060: 64 31 20 04 1E 22 00 6E 00 65 00 77 00 50 00 61  d1 ..".n.e.w.P.a
0070: 00 73 00 73 00 77 00 6F 00 72 00 64 00 31 00 21  .s.s.w.o.r.d.1.!
0080: 00 22 00 A0 1B 30 19 04 17 32 2E 31 36 2E 38 34  ."...0...2.16.84
         ^^^^^

CFLDAP (fails):

0050: 0A 01 02 30 2B 04 0A 75 6E 69 63 6F 64 65 50 77  ...0+..unicodePw
0060: 64 31 1D 04 1B 22 00 6E 00 65 00 77 00 50 00 61  d1...".n.e.w.P.a
0070: 00 73 00 73 00 77 00 6F 00 72 00 64 00 31 00 22  .s.s.w.o.r.d.1."
                                                   ^^
0080: A0 1B 30 19 04 17 32 2E 31 36 2E 38 34 30 2E 31  ..0...2.16.840.1
      ^^

So I'm suspecting AD's not liking the password. Nothing I do gets that double-quote right - seems to be deep inside the CFLDAP tag.

Anyway, any input, or confirmation (and code) on how to do this would be greatly appreciated.

Thanks in Advance!

Edward Smith
Principal Architect
Internet Broadcasting.
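As an added example (not part of the original post): a Python check that pulls the unicodePwd value out of each of the two traces quoted above and tests it against the double-quoted UTF-16LE form seen in the working Java request. The function names are made up for this example, and the parser assumes full 16-byte trace lines like those in the post.

```python
import re

# Hex columns copied from the two JNDI traces in the post.
JAVA_TRACE = """
0050: 0A 01 02 30 2E 04 0A 75 6E 69 63 6F 64 65 50 77
0060: 64 31 20 04 1E 22 00 6E 00 65 00 77 00 50 00 61
0070: 00 73 00 73 00 77 00 6F 00 72 00 64 00 31 00 21
0080: 00 22 00 A0 1B 30 19 04 17 32 2E 31 36 2E 38 34"""
CFLDAP_TRACE = """
0050: 0A 01 02 30 2B 04 0A 75 6E 69 63 6F 64 65 50 77
0060: 64 31 1D 04 1B 22 00 6E 00 65 00 77 00 50 00 61
0070: 00 73 00 73 00 77 00 6F 00 72 00 64 00 31 00 22
0080: A0 1B 30 19 04 17 32 2E 31 36 2E 38 34 30 2E 31"""
ATTR = b"\x04\x0aunicodePwd"   # BER OCTET STRING holding the attribute name

def dump_to_bytes(dump):
    """Collect the hex column (at most 16 bytes per line) of a trace."""
    rows = re.findall(r"^\s*[0-9A-Fa-f]{4}:((?: [0-9A-Fa-f]{2}){1,16})", dump, re.M)
    return bytes.fromhex("".join(rows))

def read_tlv(buf, pos):
    """Read one BER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def extract_unicode_pwd(dump):
    """Return the raw unicodePwd value bytes carried in the traced request."""
    buf = dump_to_bytes(dump)
    start = buf.index(ATTR)                # ValueError if the attribute is absent
    _, _, pos = read_tlv(buf, start)       # skip the attribute name
    _, values, _ = read_tlv(buf, pos)      # SET OF attribute values (tag 0x31)
    return read_tlv(values, 0)[1]          # first value (OCTET STRING, tag 0x04)

def problems(value):
    """List the ways value departs from a double-quoted UTF-16LE string."""
    checks = [(len(value) % 2 == 0, "odd length, not whole UTF-16 code units"),
              (value[:2] == b'"\x00', "does not start with 22 00"),
              (value[-2:] == b'"\x00', "does not end with 22 00")]
    return [msg for ok, msg in checks if not ok]

if __name__ == "__main__":
    for name, trace in (("Java", JAVA_TRACE), ("CFLDAP", CFLDAP_TRACE)):
        print(name, problems(extract_unicode_pwd(trace)) or "well-formed")
```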