Add:
Code
Short description
Tags

Like: create mysql user Like: mysql, bash, server

public

add it or cancel

IMPORTANT!

Snipt is going open source. We've toyed with this idea for quite a while, and have finally decided it's the right way to move forward.

A few things:

The entire Snipt source code will be released on GitHub under the 3-clause BSD License on Friday, September 10th.
While we'd like to think we're perfect, we realize we're only human. By open sourcing the software that runs this website, certain bugs or security flaws may be discovered that could compromise the privacy of your snipts.
Only the Lion Burger team will be able to push commits to the Snipt.net site. Contributors should send a pull request to add new features or submit patches.
By using this site, you agree not to be too angry or take any legal action against Lion Burger should this whole thing go up in flames some day.
Follow us on Twitter for updates.

I agree, close this message

passwords

showing 1-1 of 1 snipts for passwords

∞ Change Active Directory password via LDAP modify call

#!/usr/bin/python

import ldap

host = 'ldaps://ldap.example.com:636'

con = ldap.initialize(host)
con.set_option( ldap.OPT_X_TLS_DEMAND, True )
con.set_option( ldap.OPT_DEBUG_LEVEL, 255 )

# Encode the password in UTF-16 Little Endian
#
# ASCII "new":     0x6E 0x65 0x77
# UTF-16 "new":    0x6E 0x00 0x65 0x00 0x77 0x00
# UTF-16 "new"
#     with quotes: 0x22 0x00 0x6E 0x00 0x65 0x00 0x77 0x00 0x22 0x00
#
# http://msdn.microsoft.com/en-us/library/cc200469%28PROT.10%29.aspx
#
# NOTE: The article says to BER encode the password octet stream before
# sending for change, but doing so causes the server to give its standard
# "will not perform" error on password change. So, no BER encoding is done here.
username = 'someUser'
new_pass = 'ne$wP4assw0rd3!'
new_password = ('"%s"' % new_pass).encode("utf-16-le")

try:
	con.simple_bind_s( "admin@ldap.example.com", "password" )
	
	# For some reason, two MOD_REPLACE calls are necessary to change the password.
	# If only one call is performed, both the old and new password will work.
	mod_attrs = [( ldap.MOD_REPLACE, 'unicodePwd', new_password)],( ldap.MOD_REPLACE, 'unicodePwd', new_password)]
	con.modify_s('CN=%s,OU=Users,DC=ldap,DC=example,DC=com' % username, mod_attrs)
except:
	raise
else:
	print "Successfully changed password."

python

#!/usr/bin/python

import ldap

host = 'ldaps://ldap.example.com:636'

con = ldap.initialize(host)
con.set_option( ldap.OPT_X_TLS_DEMAND, True )
con.set_option( ldap.OPT_DEBUG_LEVEL, 255 )

# Encode the password in UTF-16 Little Endian
#
# ASCII "new":     0x6E 0x65 0x77
# UTF-16 "new":    0x6E 0x00 0x65 0x00 0x77 0x00
# UTF-16 "new"
#     with quotes: 0x22 0x00 0x6E 0x00 0x65 0x00 0x77 0x00 0x22 0x00
#
# http://msdn.microsoft.com/en-us/library/cc200469%28PROT.10%29.aspx
#
# NOTE: The article says to BER encode the password octet stream before
# sending for change, but doing so causes the server to give its standard
# "will not perform" error on password change. So, no BER encoding is done here.
username = 'someUser'
new_pass = 'ne$wP4assw0rd3!'
new_password = ('"%s"' % new_pass).encode("utf-16-le")

try:
	con.simple_bind_s( "admin@ldap.example.com", "password" )
	
	# For some reason, two MOD_REPLACE calls are necessary to change the password.
	# If only one call is performed, both the old and new password will work.
	mod_attrs = [( ldap.MOD_REPLACE, 'unicodePwd', new_password)],( ldap.MOD_REPLACE, 'unicodePwd', new_password)]
	con.modify_s('CN=%s,OU=Users,DC=ldap,DC=example,DC=com' % username, mod_attrs)
except:
	raise
else:
	print "Successfully changed password."

copy | embed

0 comments - tagged in

posted by Fotinakis on Aug 03, 2009 at 4:56 p.m. EDT

Latest 100 public snipts » Fotinakis's snipts » passwords

Fotinakis's tags