> > Mike Matz wrote: >> >> Thanks for the help guys. It got me off to a great start. I have >> successfully created a user in my AD. As you already eluded to, I am >> struggling with the password attribute. Can the password attribute >> be set when creating a user. From what I gathered, the password >> attribute is 'unicodePwd'. >>
Forget about using LDAP to change a user's password. It can be done but it requires 128-bit SSL and so you need to set up certificate services and distribute the CA certificate to your client. An easier way is to use the Kerberos Set Password protocol (RFC3244). MIT Kerberos 1.3 and later support this protocol. Unfortunately there is no command-line interface to this call so you need to create a Python extension module for wrapping this call. My (in progress) project FreeADI contains a wrapper for the Set Password call. See the file "/trunk/freeadi/core/_krb5.c" on my Trac page at freeadi.org. The code is available under the liberal MIT license. The "userPassword" attribute is the Unix shadow hash, and is not used for Kerberos. Regards, Geert ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Python-LDAP-dev mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
