I've read everything I can find on the internet about using CFLDAP to
reset/change an Active Directory password, and every thread trails off with
no success.

I've been working on this for the last several days, and I've come to be
convinced that it's impossible to reset a user's password in AD through
CFLDAP.

I've confirmed that I've properly installed the certificate, and that I'm
successfully communicating over SSL, and that the user I'm binding as has
privileges to reset a user's password, but I still, no matter what I try,
get the error:

LDAP: error code 53 - 0000001F: SvcErr: DSID-031A0FC0, problem 5003
(WILL_NOT_PERFORM), data 0

I've written some Java code that uses the same credentials and settings, and
it is able to change the password, but CFLDAP fails.

I think the issue is with the formatting of the replacement password, but
that's just my latest guess.

So, has anybody ever actually succeeded in this?

Can anybody from Adobe confirm or deny that this is actually possible?

For completeness, here's my test code that fails:

<cfset new_password = "newPassword1">
<cfset a = charsetEncode(charsetDecode('"'&new_password&'"','UTF-16LE'),'UTF-8')>

<cfldap action="modify"
    modifyType="replace"
    attributes="unicodePwd=#a#"
    dn="CN=Ed Test, OU=Users, OU=Development, OU=IB, dc=ad2003-dev, dc=com"
    server="someLDAPServer.somedomain.com"
    port="636"
    username="CN=Administrator, CN=Users, dc=ad2003-dev, dc=com"
    password="someSecretPasswordString"
    secure="CFSSL_BASIC">

My password formatting is based on looking at the verbose JNDI logging
between the Java that works and the CF that doesn't work.

There's a discrepancy that may be the issue in the way that CFLDAP's
handling the final UTF-16LE encoded double-quote - Java's showing a
"22 00" byte pair, but CFLDAP's dropping the 2nd byte of the character:

Java (works):
0050: 0A 01 02 30 2E 04 0A 75   6E 69 63 6F 64 65 50 77  ...0...unicodePw
0060: 64 31 20 04 1E 22 00 6E   00 65 00 77 00 50 00 61  d1 ..".n.e.w.P.a
0070: 00 73 00 73 00 77 00 6F   00 72 00 64 00 31 00 21  .s.s.w.o.r.d.1.!
0080: 00 22 00 A0 1B 30 19 04   17 32 2E 31 36 2E 38 34  ."...0...2.16.84
         ^^^^^

CFLDAP (fails):
0050: 0A 01 02 30 2B 04 0A 75   6E 69 63 6F 64 65 50 77  ...0+..unicodePw
0060: 64 31 1D 04 1B 22 00 6E   00 65 00 77 00 50 00 61  d1...".n.e.w.P.a
0070: 00 73 00 73 00 77 00 6F   00 72 00 64 00 31 00 22  .s.s.w.o.r.d.1."
                                                     ^^
0080: A0 1B 30 19 04 17 32 2E   31 36 2E 38 34 30 2E 31  ..0...2.16.840.1
      ^^

So I'm suspecting AD's not liking the password.  Nothing I do gets that
double-quote right - seems to be deep inside the CFLDAP tag.

Anyway, any input, or confirmation (and code) on how to do this would be
greatly appreciated.

Thanks in Advance!

Edward Smith
Principal Architect
Internet Broadcasting.
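Added example, not from Ed's post and not ColdFusion's or Java's own code: a small Python script that builds the unicodePwd value the way AD wants it (the password wrapped in double quotes, encoded as UTF-16LE, carried as a BER OCTET STRING in the ModifyRequest) and then runs a few sanity checks over a candidate value. The two byte strings are constructed from the value octets in the hex dumps above; the Java one is 30 bytes (the "04 1E" in the capture), the CFLDAP one is 27 bytes ("04 1B") and ends in a lone 0x22. The checks flag exactly that symptom, so you can verify a value before it ever leaves the server. Python is used here only because the point is the byte layout, not the CF tag.

```python
"""Build and sanity-check an Active Directory unicodePwd attribute value.

Added example, not code from the original post. AD expects the new password
wrapped in double quotes and encoded as UTF-16LE, sent in an LDAP
ModifyRequest as a BER OCTET STRING (tag 0x04). check_unicode_pwd() catches
the failure seen in the post's capture: a value that lost the 0x00 byte of
its final UTF-16LE double quote.
"""

QUOTE_UTF16LE = '"'.encode("utf-16-le")  # b'\x22\x00'


def unicode_pwd_value(password: str) -> bytes:
    """Return the raw bytes AD expects for unicodePwd: '"' + password + '"' in UTF-16LE."""
    return f'"{password}"'.encode("utf-16-le")


def ber_octet_string(value: bytes) -> bytes:
    """Wrap bytes as a BER OCTET STRING with definite-length encoding.

    The short form covers lengths below 128 (the "04 1E" in the Java capture);
    the long form is included so longer passwords encode correctly as well.
    """
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        len_bytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(len_bytes)]) + len_bytes
    return b"\x04" + length + value


def check_unicode_pwd(value: bytes) -> list:
    """Return a list of problems with a candidate unicodePwd value (empty means OK)."""
    problems = []
    if len(value) % 2:
        problems.append(f"odd length {len(value)}: not valid UTF-16LE (a byte was dropped)")
    if not value.startswith(QUOTE_UTF16LE):
        problems.append("does not start with a UTF-16LE double quote")
    if len(value) < 4 or not value.endswith(QUOTE_UTF16LE):
        problems.append("does not end with a UTF-16LE double quote")
    try:
        decoded = value.decode("utf-16-le")
    except UnicodeDecodeError:
        problems.append("cannot be decoded as UTF-16LE")
    else:
        if "\x00" in decoded:
            problems.append("contains NUL characters after decoding")
    return problems


# Value octets transcribed from the hex dumps in the post (constructed test data).
# Java, password "newPassword1!": 30 bytes, final quote is the full "22 00" pair.
JAVA_CAPTURE = bytes.fromhex(
    "2200 6e00 6500 7700 5000 6100 7300 7300 7700 6f00 7200 6400 3100 2100 2200"
)
# CFLDAP, password "newPassword1": 27 bytes, final quote truncated to a lone 0x22.
CF_CAPTURE = bytes.fromhex(
    "2200 6e00 6500 7700 5000 6100 7300 7300 7700 6f00 7200 6400 3100 22"
)


if __name__ == "__main__":
    good = unicode_pwd_value("newPassword1!")
    print("expected value matches Java capture:", good == JAVA_CAPTURE)
    print("BER header:", ber_octet_string(good)[:2].hex(" "))  # 04 1e
    print("Java capture problems:", check_unicode_pwd(JAVA_CAPTURE))
    print("CFLDAP capture problems:", check_unicode_pwd(CF_CAPTURE))
```

The odd-length check is the cheapest guard: a well-formed UTF-16LE value always has an even byte count, so 27 bytes on the wire means a byte was lost before the LDAP encoder ran, which is consistent with the "WILL_NOT_PERFORM" AD returns when the quoted-password format isn't met.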


Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:333905