Hi, Mike
I think AD uses an extension to the Kerberos protocol to change the
password of a user. See
http://msdn2.microsoft.com/en-us/library/ms808911.aspx
As far as I understand it, the unicodePwd attribute is the NT hash of
the user's password. (See
http://msdn2.microsoft.com/en-us/library/
Hi,
> I want to suggest another approach: there needs to be an .egg for
> python-ldap that simply includes in the .so file, statically linked,
> all of the libraries it needs - so that the OpenLDAP and OpenSSL
> libraries just come "built in" and working, and don't rely on your
> even having those
Thanks for your input David. I will read through the MSDN articles to
see if they provide me with any inside. I am not familiar with using
SASL/GSSAPI/Kerberos to bind to AD's LDAP. Could you possibly provide
me with a few steps to accomplish this?
Thanks,
Mike
On Nov 8, 2007, at 7:48 A
First step is configuring your platform's kerberos library so you can
kinit against your AD server. You will need to read about krb5.conf and
kinit, I suspect.
Next step is getting a SASL-GSSAPI module installed so that SASL can
access your Kerberos library (through its GSSAPI interface). This i
David Leonard wrote:
>
> As far as I understand it, the unicodePwd attribute is the NT hash of
> the user's password.
I don't think so when setting it. Maybe it contains the NT hash
afterwards, but conversion is probably done internally.
http://support.microsoft.com/kb/269190
It seems you need
(repost from another address_
Here's something that may be useful in this conversation about AD
Objects. I wrote with some reference help a script to pack a SID as I
was creating the necessary objects to create AD accounts from python
using python-ldap:
"""
packsid
"""
import base64,struct
David Leonard wrote:
> I hope someone else can
> chime in here with an example of sasl binds with python-ldap.
See: Demo/sasl_bind.py
Ciao, Michael.
-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log
>
> Mike Matz wrote:
>>
>> Thanks for the help guys. It got me off to a great start. I have
>> successfully created a user in my AD. As you already eluded to, I am
>> struggling with the password attribute. Can the password attribute
>> be set when creating a user. From what I gathered, the pa
Michael Ströder wrote:
David Leonard wrote:
I hope someone else can
chime in here with an example of sasl binds with python-ldap.
See: Demo/sasl_bind.py
oops, of course! thanks michael :)
--
David Leonard [EMAIL PROTECTED]
