Recipe 6.18 Setting a User's Password via LDAP

6.18.1 Problem

You want to set the password for a user using LDAP.

6.18.2 Solution

You have to first enable SSL/TLS support in your Active Directory domain. See Recipe 14.1 for more on this.

You can then set the unicodePwd attribute of a user object using LDAP operations over an SSL or TLS connection.

The value for the unicodePwd attribute must be a Unicode string that is surrounded by quotes and Base64 encoded. See Recipe 10.4 for more on encoding text with Base64.
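The encoding described above, as an added example that is not code from the book: it builds the quoted value as UTF-16LE bytes (the "Unicode" form Active Directory expects), Base64 encodes it, and wraps it in an LDIF modify record suitable for import over an SSL/TLS connection. The function names are hypothetical, and the DN and password are constructed samples.

```python
import base64


def encode_unicode_pwd(password: str) -> bytes:
    """Raw unicodePwd value: the password wrapped in double quotes, as UTF-16LE."""
    if not password:
        raise ValueError("empty password")
    return f'"{password}"'.encode("utf-16-le")


def _ldif_line(attr: str, text: str) -> str:
    """Emit 'attr: value', or Base64 'attr:: value' when the text is not LDIF-safe."""
    unsafe = (not text.isascii() or text[:1] in (" ", ":", "<")
              or text.endswith(" ") or any(c in text for c in "\r\n\0"))
    if unsafe:
        return f"{attr}:: {base64.b64encode(text.encode('utf-8')).decode('ascii')}"
    return f"{attr}: {text}"


def build_password_ldif(user_dn: str, new_password: str) -> str:
    """LDIF modify record that replaces unicodePwd on user_dn."""
    b64 = base64.b64encode(encode_unicode_pwd(new_password)).decode("ascii")
    return "\n".join([
        _ldif_line("dn", user_dn),
        "changetype: modify",
        "replace: unicodePwd",
        f"unicodePwd:: {b64}",  # '::' marks the value as Base64 in LDIF
        "-",
        "",
    ])


if __name__ == "__main__":
    # Constructed sample DN and password (assumptions, for illustration only).
    print(build_password_ldif("CN=Test User,CN=Users,DC=example,DC=com",
                              "newPassword"))
```

The quotes are part of the value and are encoded along with the password; Base64 applies only to the LDIF representation, so a client that calls an LDAP API directly sends the raw bytes from `encode_unicode_pwd`.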

6.18.3 Discussion

The unicodePwd attribute can be directly modified over an SSL or TLS connection, but it can never be read.

6.18.4 See Also

Recipe 10.4 for more on Base64 encoding, Recipe 14.1 for enabling SSL/TLS, MS KB 263991 (How to Set a User's Password with Ldifde), MS KB 264480 (Description of Password-Change Protocols in Windows 2000), and MS KB 269190 (HOWTO: Change a Windows 2000 User's Password Through LDAP).